Ejemplo n.º 1
0
static struct wpabuf * eap_aka_process_notification(
    struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    const struct wpabuf *reqData, struct eap_sim_attrs *attr)
{
    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Notification");
    if (data->num_notification > 0) {
        wpa_printf(MSG_INFO, "EAP-AKA: too many notification "
                   "rounds (only one allowed)");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
    data->num_notification++;
    if (attr->notification == -1) {
        wpa_printf(MSG_INFO, "EAP-AKA: no AT_NOTIFICATION in "
                   "Notification message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if ((attr->notification & 0x4000) == 0 &&
            eap_aka_process_notification_auth(data, reqData, attr)) {
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    eap_sim_report_notification(sm->msg_ctx, attr->notification, 1);
    if (attr->notification >= 0 && attr->notification < 32768) {
        eap_aka_state(data, FAILURE);
    } else if (attr->notification == EAP_SIM_SUCCESS &&
               data->state == RESULT_SUCCESS)
        eap_aka_state(data, SUCCESS);
    return eap_aka_response_notification(data, id, attr->notification);
}
Ejemplo n.º 2
0
static u8 * eap_aka_process_notification(struct eap_sm *sm,
					 struct eap_aka_data *data,
					 const struct eap_hdr *req,
					 size_t reqDataLen,
					 size_t *respDataLen,
					 struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Notification");
	if (data->num_notification > 0) {
		wpa_printf(MSG_INFO, "EAP-AKA: too many notification "
			   "rounds (only one allowed)");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	data->num_notification++;
	if (attr->notification == -1) {
		wpa_printf(MSG_INFO, "EAP-AKA: no AT_NOTIFICATION in "
			   "Notification message");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	if ((attr->notification & 0x4000) == 0 &&
	    eap_aka_process_notification_auth(data, req, reqDataLen, attr)) {
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	eap_sim_report_notification(sm->msg_ctx, attr->notification, 1);
	if (attr->notification >= 0 && attr->notification < 32768) {
		data->state = FAILURE;
	}
	return eap_aka_response_notification(data, req, respDataLen,
					     attr->notification);
}
Ejemplo n.º 3
0
static struct wpabuf * eap_aka_process_identity(struct eap_sm *sm,
        struct eap_aka_data *data,
        u8 id,
        const struct wpabuf *reqData,
        struct eap_sim_attrs *attr)
{
    int id_error;
    struct wpabuf *buf;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Identity");

    id_error = 0;
    switch (attr->id_req) {
    case NO_ID_REQ:
        break;
    case ANY_ID:
        if (data->num_id_req > 0)
            id_error++;
        data->num_id_req++;
        break;
    case FULLAUTH_ID:
        if (data->num_id_req > 1)
            id_error++;
        data->num_id_req++;
        break;
    case PERMANENT_ID:
        if (data->num_id_req > 2)
            id_error++;
        data->num_id_req++;
        break;
    }
    if (id_error) {
        wpa_printf(MSG_INFO, "EAP-AKA: Too many ID requests "
                   "used within one authentication");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    buf = eap_aka_response_identity(sm, data, id, attr->id_req);

    if (data->prev_id != id) {
        eap_aka_add_id_msg(data, reqData);
        eap_aka_add_id_msg(data, buf);
        data->prev_id = id;
    }

    return buf;
}
Ejemplo n.º 4
0
static u8 * eap_aka_process_identity(struct eap_sm *sm,
				     struct eap_aka_data *data,
				     const struct eap_hdr *req,
				     size_t *respDataLen,
				     struct eap_sim_attrs *attr)
{
	int id_error;

	wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Identity");

	id_error = 0;
	switch (attr->id_req) {
	case NO_ID_REQ:
		break;
	case ANY_ID:
		if (data->num_id_req > 0)
			id_error++;
		data->num_id_req++;
		break;
	case FULLAUTH_ID:
		if (data->num_id_req > 1)
			id_error++;
		data->num_id_req++;
		break;
	case PERMANENT_ID:
		if (data->num_id_req > 2)
			id_error++;
		data->num_id_req++;
		break;
	}
	if (id_error) {
		wpa_printf(MSG_INFO, "EAP-AKA: Too many ID requests "
			   "used within one authentication");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	return eap_aka_response_identity(sm, data, req, respDataLen,
					 attr->id_req);
}
Ejemplo n.º 5
0
static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
        struct eap_aka_data *data,
        u8 id,
        const struct wpabuf *reqData,
        struct eap_sim_attrs *attr)
{
    const u8 *identity;
    size_t identity_len;
    int res;
    struct eap_sim_attrs eattr;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");

    if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,
                                     attr->checkcode_len)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
                   "message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

#ifdef EAP_AKA_PRIME
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        if (!attr->kdf_input || attr->kdf_input_len == 0) {
            wpa_printf(MSG_WARNING, "EAP-AKA': Challenge message "
                       "did not include non-empty AT_KDF_INPUT");
            /* Fail authentication as if AUTN had been incorrect */
            return eap_aka_authentication_reject(data, id);
        }
        os_free(data->network_name);
        data->network_name = os_malloc(attr->kdf_input_len);
        if (data->network_name == NULL) {
            wpa_printf(MSG_WARNING, "EAP-AKA': No memory for "
                       "storing Network Name");
            return eap_aka_authentication_reject(data, id);
        }
        os_memcpy(data->network_name, attr->kdf_input,
                  attr->kdf_input_len);
        data->network_name_len = attr->kdf_input_len;
        wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name "
                          "(AT_KDF_INPUT)",
                          data->network_name, data->network_name_len);
        /* TODO: check Network Name per 3GPP.33.402 */

        if (!eap_aka_prime_kdf_valid(data, attr))
            return eap_aka_authentication_reject(data, id);

        if (attr->kdf[0] != EAP_AKA_PRIME_KDF)
            return eap_aka_prime_kdf_neg(data, id, attr);

        data->kdf = EAP_AKA_PRIME_KDF;
        wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
    }

    if (data->eap_method == EAP_TYPE_AKA && attr->bidding) {
        u16 flags = WPA_GET_BE16(attr->bidding);
        if ((flags & EAP_AKA_BIDDING_FLAG_D) &&
                eap_allowed_method(sm, EAP_VENDOR_IETF,
                                   EAP_TYPE_AKA_PRIME)) {
            wpa_printf(MSG_WARNING, "EAP-AKA: Bidding down from "
                       "AKA' to AKA detected");
            /* Fail authentication as if AUTN had been incorrect */
            return eap_aka_authentication_reject(data, id);
        }
    }
#endif /* EAP_AKA_PRIME */

    data->reauth = 0;
    if (!attr->mac || !attr->rand || !attr->autn) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
                   "did not include%s%s%s",
                   !attr->mac ? " AT_MAC" : "",
                   !attr->rand ? " AT_RAND" : "",
                   !attr->autn ? " AT_AUTN" : "");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
    os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
    os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);

    res = eap_aka_umts_auth(sm, data);
    if(res != 0) {
        wpa_printf(MSG_ERROR, "EAP-AKA: No more data send to APDU server");
        //SCardDisconnect(0,0);
    }
    if (res == -1) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
                   "failed (AUTN)");
        return eap_aka_authentication_reject(data, id);
    } else if (res == -2) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
                   "failed (AUTN seq# -> AUTS)");
        return eap_aka_synchronization_failure(data, id);
    } else if (res) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
#ifdef EAP_AKA_PRIME
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
         * needed 6-octet SQN ^ AK for CK',IK' derivation */
        u16 amf = WPA_GET_BE16(data->autn + 6);
        if (!(amf & 0x8000)) {
            wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit "
                       "not set (AMF=0x%4x)", amf);
            return eap_aka_authentication_reject(data, id);
        }
        eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
                                         data->autn,
                                         data->network_name,
                                         data->network_name_len);
    }
#endif /* EAP_AKA_PRIME */
    if (data->last_eap_identity) {
        identity = data->last_eap_identity;
        identity_len = data->last_eap_identity_len;
    } else if (data->pseudonym) {
        identity = data->pseudonym;
        identity_len = data->pseudonym_len;
    } else
        identity = eap_get_config_identity(sm, &identity_len);
    wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
                      "derivation", identity, identity_len);
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        eap_aka_prime_derive_keys(identity, identity_len, data->ik,
                                  data->ck, data->k_encr, data->k_aut,
                                  data->k_re, data->msk, data->emsk);
    } else {
        eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
                          data->mk);
        eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
                            data->msk, data->emsk);
    }
    if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
                   "used invalid AT_MAC");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    /* Old reauthentication identity must not be used anymore. In
     * other words, if no new identities are received, full
     * authentication will be used on next reauthentication (using
     * pseudonym identity or permanent identity). */
    eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);

    if (attr->encr_data) {
        u8 *decrypted;
        decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
                                       attr->encr_data_len, attr->iv,
                                       &eattr, 0);
        if (decrypted == NULL) {
            return eap_aka_client_error(
                       data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
        }
        eap_aka_learn_ids(sm, data, &eattr);
        os_free(decrypted);
    }

    if (data->result_ind && attr->result_ind)
        data->use_result_ind = 1;

    if (data->state != FAILURE && data->state != RESULT_FAILURE) {
        eap_aka_state(data, data->use_result_ind ?
                      RESULT_SUCCESS : SUCCESS);
    }

    data->num_id_req = 0;
    data->num_notification = 0;
    /* RFC 4187 specifies that counter is initialized to one after
     * fullauth, but initializing it to zero makes it easier to implement
     * reauth verification. */
    data->counter = 0;
    return eap_aka_response_challenge(data, id);
}
Ejemplo n.º 6
0
static struct wpabuf * eap_aka_process(struct eap_sm *sm, void *priv,
                                       struct eap_method_ret *ret,
                                       const struct wpabuf *reqData)
{
    struct eap_aka_data *data = priv;
    const struct eap_hdr *req;
    u8 subtype, id;
    struct wpabuf *res;
    const u8 *pos;
    struct eap_sim_attrs attr;
    size_t len;

    wpa_hexdump_buf(MSG_DEBUG, "EAP-AKA: EAP data", reqData);
    if (eap_get_config_identity(sm, &len) == NULL) {
        wpa_printf(MSG_INFO, "EAP-AKA: Identity not configured");
        eap_sm_request_identity(sm);
        ret->ignore = TRUE;
        return NULL;
    }

    pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData,
                           &len);
    if (pos == NULL || len < 1) {
        ret->ignore = TRUE;
        return NULL;
    }
    req = wpabuf_head(reqData);
    id = req->identifier;
    len = be_to_host16(req->length);

    ret->ignore = FALSE;
    ret->methodState = METHOD_MAY_CONT;
    ret->decision = DECISION_FAIL;
    ret->allowNotifications = TRUE;

    subtype = *pos++;
    wpa_printf(MSG_DEBUG, "EAP-AKA: Subtype=%d", subtype);
    pos += 2; /* Reserved */

    if (eap_sim_parse_attr(pos, wpabuf_head_u8(reqData) + len, &attr,
                           data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
                           0)) {
        res = eap_aka_client_error(data, id,
                                   EAP_AKA_UNABLE_TO_PROCESS_PACKET);
        goto done;
    }

    switch (subtype) {
    case EAP_AKA_SUBTYPE_IDENTITY:
        res = eap_aka_process_identity(sm, data, id, reqData, &attr);
        break;
    case EAP_AKA_SUBTYPE_CHALLENGE:
        res = eap_aka_process_challenge(sm, data, id, reqData, &attr);
        break;
    case EAP_AKA_SUBTYPE_NOTIFICATION:
        res = eap_aka_process_notification(sm, data, id, reqData,
                                           &attr);
        break;
    case EAP_AKA_SUBTYPE_REAUTHENTICATION:
        res = eap_aka_process_reauthentication(sm, data, id, reqData,
                                               &attr);
        break;
    case EAP_AKA_SUBTYPE_CLIENT_ERROR:
        wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Client-Error");
        res = eap_aka_client_error(data, id,
                                   EAP_AKA_UNABLE_TO_PROCESS_PACKET);
        break;
    default:
        wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown subtype=%d", subtype);
        res = eap_aka_client_error(data, id,
                                   EAP_AKA_UNABLE_TO_PROCESS_PACKET);
        break;
    }

done:
    if (data->state == FAILURE) {
        ret->decision = DECISION_FAIL;
        ret->methodState = METHOD_DONE;
    } else if (data->state == SUCCESS) {
        ret->decision = data->use_result_ind ?
                        DECISION_UNCOND_SUCC : DECISION_COND_SUCC;
        /*
         * It is possible for the server to reply with AKA
         * Notification, so we must allow the method to continue and
         * not only accept EAP-Success at this point.
         */
        ret->methodState = data->use_result_ind ?
                           METHOD_DONE : METHOD_MAY_CONT;
    } else if (data->state == RESULT_FAILURE)
        ret->methodState = METHOD_CONT;
    else if (data->state == RESULT_SUCCESS)
        ret->methodState = METHOD_CONT;

    if (ret->methodState == METHOD_DONE) {
        ret->allowNotifications = FALSE;
    }

    return res;
}
Ejemplo n.º 7
0
static struct wpabuf * eap_aka_process_reauthentication(
    struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    const struct wpabuf *reqData, struct eap_sim_attrs *attr)
{
    struct eap_sim_attrs eattr;
    u8 *decrypted;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Reauthentication");

    if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,
                                     attr->checkcode_len)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
                   "message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (data->reauth_id == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Server is trying "
                   "reauthentication, but no reauth_id available");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    data->reauth = 1;
    if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
                   "did not have valid AT_MAC");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (attr->encr_data == NULL || attr->iv == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
                   "message did not include encrypted data");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
                                   attr->encr_data_len, attr->iv, &eattr,
                                   0);
    if (decrypted == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
                   "data from reauthentication message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (eattr.nonce_s == NULL || eattr.counter < 0) {
        wpa_printf(MSG_INFO, "EAP-AKA: (encr) No%s%s in reauth packet",
                   !eattr.nonce_s ? " AT_NONCE_S" : "",
                   eattr.counter < 0 ? " AT_COUNTER" : "");
        os_free(decrypted);
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
        struct wpabuf *res;
        wpa_printf(MSG_INFO, "EAP-AKA: (encr) Invalid counter "
                   "(%d <= %d)", eattr.counter, data->counter);
        data->counter_too_small = eattr.counter;

        /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
         * reauth_id must not be used to start a new reauthentication.
         * However, since it was used in the last EAP-Response-Identity
         * packet, it has to saved for the following fullauth to be
         * used in MK derivation. */
        os_free(data->last_eap_identity);
        data->last_eap_identity = data->reauth_id;
        data->last_eap_identity_len = data->reauth_id_len;
        data->reauth_id = NULL;
        data->reauth_id_len = 0;

        res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s);
        os_free(decrypted);

        return res;
    }
    data->counter = eattr.counter;

    os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
    wpa_hexdump(MSG_DEBUG, "EAP-AKA: (encr) AT_NONCE_S",
                data->nonce_s, EAP_SIM_NONCE_S_LEN);

    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
                                         data->reauth_id,
                                         data->reauth_id_len,
                                         data->nonce_s,
                                         data->msk, data->emsk);
    } else {
        eap_sim_derive_keys_reauth(data->counter, data->reauth_id,
                                   data->reauth_id_len,
                                   data->nonce_s, data->mk,
                                   data->msk, data->emsk);
    }
    eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    eap_aka_learn_ids(sm, data, &eattr);

    if (data->result_ind && attr->result_ind)
        data->use_result_ind = 1;

    if (data->state != FAILURE && data->state != RESULT_FAILURE) {
        eap_aka_state(data, data->use_result_ind ?
                      RESULT_SUCCESS : SUCCESS);
    }

    data->num_id_req = 0;
    data->num_notification = 0;
    if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
        wpa_printf(MSG_DEBUG, "EAP-AKA: Maximum number of "
                   "fast reauths performed - force fullauth");
        eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    }
    os_free(decrypted);
    return eap_aka_response_reauth(data, id, 0, data->nonce_s);
}
Ejemplo n.º 8
0
static u8 * eap_aka_process_challenge(struct eap_sm *sm,
				      struct eap_aka_data *data,
				      const struct eap_hdr *req,
				      size_t reqDataLen,
				      size_t *respDataLen,
				      struct eap_sim_attrs *attr)
{
	const u8 *identity;
	size_t identity_len;
	int res;
	struct eap_sim_attrs eattr;

	wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");
	data->reauth = 0;
	if (!attr->mac || !attr->rand || !attr->autn) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "did not include%s%s%s",
			   !attr->mac ? " AT_MAC" : "",
			   !attr->rand ? " AT_RAND" : "",
			   !attr->autn ? " AT_AUTN" : "");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
	os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);

	res = eap_aka_umts_auth(sm, data);
	if (res == -1) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
			   "failed (AUTN)");
		return eap_aka_authentication_reject(data, req, respDataLen);
	} else if (res == -2) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
			   "failed (AUTN seq# -> AUTS)");
		return eap_aka_synchronization_failure(data, req, respDataLen);
	} else if (res) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	if (data->last_eap_identity) {
		identity = data->last_eap_identity;
		identity_len = data->last_eap_identity_len;
	} else if (data->pseudonym) {
		identity = data->pseudonym;
		identity_len = data->pseudonym_len;
	} else
		identity = eap_get_config_identity(sm, &identity_len);
	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
			  "derivation", identity, identity_len);
	eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
			  data->mk);
	eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
			    data->emsk);
	if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
			       attr->mac, (u8 *) "", 0)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "used invalid AT_MAC");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	/* Old reauthentication and pseudonym identities must not be used
	 * anymore. In other words, if no new identities are received, full
	 * authentication will be used on next reauthentication. */
	eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
				 CLEAR_EAP_ID);

	if (attr->encr_data) {
		u8 *decrypted;
		decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
					       attr->encr_data_len, attr->iv,
					       &eattr, 0);
		if (decrypted == NULL) {
			return eap_aka_client_error(
				data, req, respDataLen,
				EAP_AKA_UNABLE_TO_PROCESS_PACKET);
		}
		eap_aka_learn_ids(data, &eattr);
		os_free(decrypted);
	}

	if (data->state != FAILURE)
		data->state = SUCCESS;

	data->num_id_req = 0;
	data->num_notification = 0;
	/* RFC 4187 specifies that counter is initialized to one after
	 * fullauth, but initializing it to zero makes it easier to implement
	 * reauth verification. */
	data->counter = 0;
	return eap_aka_response_challenge(data, req, respDataLen);
}