Esempio n. 1
0
static struct wpabuf * eap_aka_process_reauthentication(
    struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    const struct wpabuf *reqData, struct eap_sim_attrs *attr)
{
    struct eap_sim_attrs eattr;
    u8 *decrypted;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Reauthentication");

    if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,
                                     attr->checkcode_len)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
                   "message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (data->reauth_id == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Server is trying "
                   "reauthentication, but no reauth_id available");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    data->reauth = 1;
    if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
                   "did not have valid AT_MAC");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (attr->encr_data == NULL || attr->iv == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
                   "message did not include encrypted data");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
                                   attr->encr_data_len, attr->iv, &eattr,
                                   0);
    if (decrypted == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
                   "data from reauthentication message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (eattr.nonce_s == NULL || eattr.counter < 0) {
        wpa_printf(MSG_INFO, "EAP-AKA: (encr) No%s%s in reauth packet",
                   !eattr.nonce_s ? " AT_NONCE_S" : "",
                   eattr.counter < 0 ? " AT_COUNTER" : "");
        os_free(decrypted);
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
        struct wpabuf *res;
        wpa_printf(MSG_INFO, "EAP-AKA: (encr) Invalid counter "
                   "(%d <= %d)", eattr.counter, data->counter);
        data->counter_too_small = eattr.counter;

        /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
         * reauth_id must not be used to start a new reauthentication.
         * However, since it was used in the last EAP-Response-Identity
         * packet, it has to saved for the following fullauth to be
         * used in MK derivation. */
        os_free(data->last_eap_identity);
        data->last_eap_identity = data->reauth_id;
        data->last_eap_identity_len = data->reauth_id_len;
        data->reauth_id = NULL;
        data->reauth_id_len = 0;

        res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s);
        os_free(decrypted);

        return res;
    }
    data->counter = eattr.counter;

    os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
    wpa_hexdump(MSG_DEBUG, "EAP-AKA: (encr) AT_NONCE_S",
                data->nonce_s, EAP_SIM_NONCE_S_LEN);

    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
                                         data->reauth_id,
                                         data->reauth_id_len,
                                         data->nonce_s,
                                         data->msk, data->emsk);
    } else {
        eap_sim_derive_keys_reauth(data->counter, data->reauth_id,
                                   data->reauth_id_len,
                                   data->nonce_s, data->mk,
                                   data->msk, data->emsk);
    }
    eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    eap_aka_learn_ids(sm, data, &eattr);

    if (data->result_ind && attr->result_ind)
        data->use_result_ind = 1;

    if (data->state != FAILURE && data->state != RESULT_FAILURE) {
        eap_aka_state(data, data->use_result_ind ?
                      RESULT_SUCCESS : SUCCESS);
    }

    data->num_id_req = 0;
    data->num_notification = 0;
    if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
        wpa_printf(MSG_DEBUG, "EAP-AKA: Maximum number of "
                   "fast reauths performed - force fullauth");
        eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    }
    os_free(decrypted);
    return eap_aka_response_reauth(data, id, 0, data->nonce_s);
}
Esempio n. 2
0
static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
        struct eap_aka_data *data,
        u8 id,
        const struct wpabuf *reqData,
        struct eap_sim_attrs *attr)
{
    const u8 *identity;
    size_t identity_len;
    int res;
    struct eap_sim_attrs eattr;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");

    if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,
                                     attr->checkcode_len)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
                   "message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

#ifdef EAP_AKA_PRIME
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        if (!attr->kdf_input || attr->kdf_input_len == 0) {
            wpa_printf(MSG_WARNING, "EAP-AKA': Challenge message "
                       "did not include non-empty AT_KDF_INPUT");
            /* Fail authentication as if AUTN had been incorrect */
            return eap_aka_authentication_reject(data, id);
        }
        os_free(data->network_name);
        data->network_name = os_malloc(attr->kdf_input_len);
        if (data->network_name == NULL) {
            wpa_printf(MSG_WARNING, "EAP-AKA': No memory for "
                       "storing Network Name");
            return eap_aka_authentication_reject(data, id);
        }
        os_memcpy(data->network_name, attr->kdf_input,
                  attr->kdf_input_len);
        data->network_name_len = attr->kdf_input_len;
        wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name "
                          "(AT_KDF_INPUT)",
                          data->network_name, data->network_name_len);
        /* TODO: check Network Name per 3GPP.33.402 */

        if (!eap_aka_prime_kdf_valid(data, attr))
            return eap_aka_authentication_reject(data, id);

        if (attr->kdf[0] != EAP_AKA_PRIME_KDF)
            return eap_aka_prime_kdf_neg(data, id, attr);

        data->kdf = EAP_AKA_PRIME_KDF;
        wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
    }

    if (data->eap_method == EAP_TYPE_AKA && attr->bidding) {
        u16 flags = WPA_GET_BE16(attr->bidding);
        if ((flags & EAP_AKA_BIDDING_FLAG_D) &&
                eap_allowed_method(sm, EAP_VENDOR_IETF,
                                   EAP_TYPE_AKA_PRIME)) {
            wpa_printf(MSG_WARNING, "EAP-AKA: Bidding down from "
                       "AKA' to AKA detected");
            /* Fail authentication as if AUTN had been incorrect */
            return eap_aka_authentication_reject(data, id);
        }
    }
#endif /* EAP_AKA_PRIME */

    data->reauth = 0;
    if (!attr->mac || !attr->rand || !attr->autn) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
                   "did not include%s%s%s",
                   !attr->mac ? " AT_MAC" : "",
                   !attr->rand ? " AT_RAND" : "",
                   !attr->autn ? " AT_AUTN" : "");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
    os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
    os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);

    res = eap_aka_umts_auth(sm, data);
    if(res != 0) {
        wpa_printf(MSG_ERROR, "EAP-AKA: No more data send to APDU server");
        //SCardDisconnect(0,0);
    }
    if (res == -1) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
                   "failed (AUTN)");
        return eap_aka_authentication_reject(data, id);
    } else if (res == -2) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
                   "failed (AUTN seq# -> AUTS)");
        return eap_aka_synchronization_failure(data, id);
    } else if (res) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
#ifdef EAP_AKA_PRIME
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
         * needed 6-octet SQN ^ AK for CK',IK' derivation */
        u16 amf = WPA_GET_BE16(data->autn + 6);
        if (!(amf & 0x8000)) {
            wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit "
                       "not set (AMF=0x%4x)", amf);
            return eap_aka_authentication_reject(data, id);
        }
        eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
                                         data->autn,
                                         data->network_name,
                                         data->network_name_len);
    }
#endif /* EAP_AKA_PRIME */
    if (data->last_eap_identity) {
        identity = data->last_eap_identity;
        identity_len = data->last_eap_identity_len;
    } else if (data->pseudonym) {
        identity = data->pseudonym;
        identity_len = data->pseudonym_len;
    } else
        identity = eap_get_config_identity(sm, &identity_len);
    wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
                      "derivation", identity, identity_len);
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        eap_aka_prime_derive_keys(identity, identity_len, data->ik,
                                  data->ck, data->k_encr, data->k_aut,
                                  data->k_re, data->msk, data->emsk);
    } else {
        eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
                          data->mk);
        eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
                            data->msk, data->emsk);
    }
    if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
                   "used invalid AT_MAC");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    /* Old reauthentication identity must not be used anymore. In
     * other words, if no new identities are received, full
     * authentication will be used on next reauthentication (using
     * pseudonym identity or permanent identity). */
    eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);

    if (attr->encr_data) {
        u8 *decrypted;
        decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
                                       attr->encr_data_len, attr->iv,
                                       &eattr, 0);
        if (decrypted == NULL) {
            return eap_aka_client_error(
                       data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
        }
        eap_aka_learn_ids(sm, data, &eattr);
        os_free(decrypted);
    }

    if (data->result_ind && attr->result_ind)
        data->use_result_ind = 1;

    if (data->state != FAILURE && data->state != RESULT_FAILURE) {
        eap_aka_state(data, data->use_result_ind ?
                      RESULT_SUCCESS : SUCCESS);
    }

    data->num_id_req = 0;
    data->num_notification = 0;
    /* RFC 4187 specifies that counter is initialized to one after
     * fullauth, but initializing it to zero makes it easier to implement
     * reauth verification. */
    data->counter = 0;
    return eap_aka_response_challenge(data, id);
}
Esempio n. 3
0
static u8 * eap_aka_process_challenge(struct eap_sm *sm,
				      struct eap_aka_data *data,
				      const struct eap_hdr *req,
				      size_t reqDataLen,
				      size_t *respDataLen,
				      struct eap_sim_attrs *attr)
{
	const u8 *identity;
	size_t identity_len;
	int res;
	struct eap_sim_attrs eattr;

	wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");
	data->reauth = 0;
	if (!attr->mac || !attr->rand || !attr->autn) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "did not include%s%s%s",
			   !attr->mac ? " AT_MAC" : "",
			   !attr->rand ? " AT_RAND" : "",
			   !attr->autn ? " AT_AUTN" : "");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
	os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);

	res = eap_aka_umts_auth(sm, data);
	if (res == -1) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
			   "failed (AUTN)");
		return eap_aka_authentication_reject(data, req, respDataLen);
	} else if (res == -2) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
			   "failed (AUTN seq# -> AUTS)");
		return eap_aka_synchronization_failure(data, req, respDataLen);
	} else if (res) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	if (data->last_eap_identity) {
		identity = data->last_eap_identity;
		identity_len = data->last_eap_identity_len;
	} else if (data->pseudonym) {
		identity = data->pseudonym;
		identity_len = data->pseudonym_len;
	} else
		identity = eap_get_config_identity(sm, &identity_len);
	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
			  "derivation", identity, identity_len);
	eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
			  data->mk);
	eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
			    data->emsk);
	if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen,
			       attr->mac, (u8 *) "", 0)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "used invalid AT_MAC");
		return eap_aka_client_error(data, req, respDataLen,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	/* Old reauthentication and pseudonym identities must not be used
	 * anymore. In other words, if no new identities are received, full
	 * authentication will be used on next reauthentication. */
	eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
				 CLEAR_EAP_ID);

	if (attr->encr_data) {
		u8 *decrypted;
		decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
					       attr->encr_data_len, attr->iv,
					       &eattr, 0);
		if (decrypted == NULL) {
			return eap_aka_client_error(
				data, req, respDataLen,
				EAP_AKA_UNABLE_TO_PROCESS_PACKET);
		}
		eap_aka_learn_ids(data, &eattr);
		os_free(decrypted);
	}

	if (data->state != FAILURE)
		data->state = SUCCESS;

	data->num_id_req = 0;
	data->num_notification = 0;
	/* RFC 4187 specifies that counter is initialized to one after
	 * fullauth, but initializing it to zero makes it easier to implement
	 * reauth verification. */
	data->counter = 0;
	return eap_aka_response_challenge(data, req, respDataLen);
}