static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data,
u8 id, u16 notification)
{
struct eap_sim_msg *msg;
u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Notification (id=%d)", id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_NOTIFICATION);
if (k_aut && data->reauth) {
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
EAP_SIM_AT_ENCR_DATA);
wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
NULL, 0);
if (eap_sim_msg_add_encr_end(msg, data->k_encr,
EAP_SIM_AT_PADDING)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
"AT_ENCR_DATA");
eap_sim_msg_free(msg);
return NULL;
}
}
if (k_aut) {
wpa_printf(MSG_DEBUG, " AT_MAC");
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
}
return eap_sim_msg_finish(msg, k_aut, (u8 *) "", 0);
}
static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data,
u8 id, int counter_too_small,
const u8 *nonce_s)
{
struct eap_sim_msg *msg;
unsigned int counter;
wpa_printf(MSG_DEBUG, "Generating EAP-AKA Reauthentication (id=%d)",
id);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
EAP_AKA_SUBTYPE_REAUTHENTICATION);
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
if (counter_too_small) {
wpa_printf(MSG_DEBUG, " *AT_COUNTER_TOO_SMALL");
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
counter = data->counter_too_small;
} else
counter = data->counter;
wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", counter);
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
"AT_ENCR_DATA");
eap_sim_msg_free(msg);
return NULL;
}
eap_aka_add_checkcode(data, msg);
if (data->use_result_ind) {
wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
}
wpa_printf(MSG_DEBUG, " AT_MAC");
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
return eap_sim_msg_finish(msg, data->k_aut, nonce_s,
EAP_SIM_NONCE_S_LEN);
}
static u8 * eap_sim_response_reauth(struct eap_sm *sm,
struct eap_sim_data *data,
struct eap_hdr *req,
size_t *respDataLen, int counter_too_small)
{
struct eap_sim_msg *msg;
unsigned int counter;
wpa_printf(MSG_DEBUG, "Generating EAP-SIM Reauthentication (id=%d)",
req->identifier);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
EAP_TYPE_SIM,
EAP_SIM_SUBTYPE_REAUTHENTICATION);
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
if (counter_too_small) {
wpa_printf(MSG_DEBUG, " *AT_COUNTER_TOO_SMALL");
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
counter = data->counter_too_small;
} else
counter = data->counter;
wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", counter);
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
"AT_ENCR_DATA");
eap_sim_msg_free(msg);
return NULL;
}
wpa_printf(MSG_DEBUG, " AT_MAC");
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
return eap_sim_msg_finish(msg, respDataLen, data->k_aut, data->nonce_s,
EAP_SIM_NONCE_S_LEN);
}
static u8 * eap_sim_response_notification(struct eap_sm *sm,
struct eap_sim_data *data,
struct eap_hdr *req,
size_t *respDataLen,
u16 notification)
{
struct eap_sim_msg *msg;
u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
wpa_printf(MSG_DEBUG, "Generating EAP-SIM Notification (id=%d)",
req->identifier);
msg = eap_sim_msg_init(EAP_CODE_RESPONSE, req->identifier,
EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION);
wpa_printf(MSG_DEBUG, " AT_NOTIFICATION");
eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, notification, NULL, 0);
if (k_aut && data->reauth) {
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
EAP_SIM_AT_ENCR_DATA);
wpa_printf(MSG_DEBUG, " *AT_COUNTER %d", data->counter);
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
NULL, 0);
if (eap_sim_msg_add_encr_end(msg, data->k_encr,
EAP_SIM_AT_PADDING)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
"AT_ENCR_DATA");
eap_sim_msg_free(msg);
return NULL;
}
}
if (k_aut) {
wpa_printf(MSG_DEBUG, " AT_MAC");
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
}
return eap_sim_msg_finish(msg, respDataLen, k_aut, (u8 *) "", 0);
}
static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm,
struct eap_aka_data *data,
u8 id)
{
struct eap_sim_msg *msg;
wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification");
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method,
EAP_AKA_SUBTYPE_NOTIFICATION);
wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification);
eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
NULL, 0);
if (data->use_result_ind) {
if (data->reauth) {
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
EAP_SIM_AT_ENCR_DATA);
wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)",
data->counter);
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
NULL, 0);
if (eap_sim_msg_add_encr_end(msg, data->k_encr,
EAP_SIM_AT_PADDING)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Failed to "
"encrypt AT_ENCR_DATA");
eap_sim_msg_free(msg);
return NULL;
}
}
wpa_printf(MSG_DEBUG, " AT_MAC");
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
}
return eap_sim_msg_finish(msg, data->k_aut, NULL, 0);
}
static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
struct eap_sim_msg *msg, u16 counter,
const u8 *nonce_s)
{
os_free(data->next_pseudonym);
data->next_pseudonym =
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1);
os_free(data->next_reauth_id);
if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
data->next_reauth_id =
eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv, 1);
} else {
wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication "
"count exceeded - force full authentication");
data->next_reauth_id = NULL;
}
if (data->next_pseudonym == NULL && data->next_reauth_id == NULL &&
counter == 0 && nonce_s == NULL)
return 0;
wpa_printf(MSG_DEBUG, " AT_IV");
wpa_printf(MSG_DEBUG, " AT_ENCR_DATA");
eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
if (counter > 0) {
wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", counter);
eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
}
if (nonce_s) {
wpa_printf(MSG_DEBUG, " *AT_NONCE_S");
eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s,
EAP_SIM_NONCE_S_LEN);
}
if (data->next_pseudonym) {
wpa_printf(MSG_DEBUG, " *AT_NEXT_PSEUDONYM (%s)",
data->next_pseudonym);
eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM,
os_strlen(data->next_pseudonym),
(u8 *) data->next_pseudonym,
os_strlen(data->next_pseudonym));
}
if (data->next_reauth_id) {
wpa_printf(MSG_DEBUG, " *AT_NEXT_REAUTH_ID (%s)",
data->next_reauth_id);
eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID,
os_strlen(data->next_reauth_id),
(u8 *) data->next_reauth_id,
os_strlen(data->next_reauth_id));
}
if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt "
"AT_ENCR_DATA");
return -1;
}
return 0;
}
