static int scard_test(void)
{
struct scard_data *scard;
size_t len;
char imsi[20];
unsigned char rand[16];
unsigned char sres[4];
unsigned char kc[8];
const int num_triplets = 5;
unsigned char rand_[num_triplets][16];
unsigned char sres_[num_triplets][4];
unsigned char kc_[num_triplets][8];
int i, j;
scard = scard_init(SCARD_TRY_BOTH, "1234");
if (scard == NULL)
return -1;
len = sizeof(imsi);
if (scard_get_imsi(scard, imsi, &len))
goto failed;
wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", imsi, len);
/* NOTE: Permanent Username: 1 | IMSI */
memset(rand, 0, sizeof(rand));
if (scard_gsm_auth(scard, rand, sres, kc))
goto failed;
memset(rand, 0xff, sizeof(rand));
if (scard_gsm_auth(scard, rand, sres, kc))
goto failed;
for (i = 0; i < num_triplets; i++) {
memset(rand_[i], i, sizeof(rand_[i]));
if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
goto failed;
}
for (i = 0; i < num_triplets; i++) {
printf("1");
for (j = 0; j < len; j++)
printf("%c", imsi[j]);
printf(",");
for (j = 0; j < 16; j++)
printf("%02X", rand_[i][j]);
printf(",");
for (j = 0; j < 4; j++)
printf("%02X", sres_[i][j]);
printf(",");
for (j = 0; j < 8; j++)
printf("%02X", kc_[i][j]);
printf("\n");
}
failed:
scard_deinit(scard);
return 0;
}
static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
{
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
#ifdef PCSC_FUNCS
if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
data->sres[0], data->kc[0]) ||
scard_gsm_auth(sm->scard_ctx, data->rand[1],
data->sres[1], data->kc[1]) ||
(data->num_chal > 2 &&
scard_gsm_auth(sm->scard_ctx, data->rand[2],
data->sres[2], data->kc[2]))) {
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM authentication could "
"not be completed");
return -1;
}
#else /* PCSC_FUNCS */
/* These hardcoded Kc and SRES values are used for testing. RAND to
* KC/SREC mapping is very bogus as far as real authentication is
* concerned, but it is quite useful for cases where the AS is rotating
* the order of pre-configured values. */
{
int i;
for (i = 0; i < data->num_chal; i++) {
if (data->rand[i][0] == 0xaa) {
memcpy(data->kc[i],
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7",
KC_LEN);
memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
SRES_LEN);
} else if (data->rand[i][0] == 0xbb) {
memcpy(data->kc[i],
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7",
KC_LEN);
memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
SRES_LEN);
} else {
memcpy(data->kc[i],
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7",
KC_LEN);
memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
SRES_LEN);
}
}
}
#endif /* PCSC_FUNCS */
return 0;
}
static int scard_get_triplets(int argc, char *argv[])
{
struct scard_data *scard;
size_t len;
char imsi[20];
unsigned char rand[16];
unsigned char sres[4];
unsigned char kc[8];
int num_triplets;
int i, j;
if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
printf("invalid parameters for sim command\n");
return -1;
}
if (argc <= 2 || strcmp(argv[2], "debug") != 0) {
/* disable debug output */
wpa_debug_level = 99;
}
scard = scard_init(SCARD_GSM_SIM_ONLY, argv[0]);
if (scard == NULL) {
printf("Failed to open smartcard connection\n");
return -1;
}
len = sizeof(imsi);
if (scard_get_imsi(scard, imsi, &len)) {
scard_deinit(scard);
return -1;
}
for (i = 0; i < num_triplets; i++) {
memset(rand, i, sizeof(rand));
if (scard_gsm_auth(scard, rand, sres, kc))
break;
/* IMSI:Kc:SRES:RAND */
for (j = 0; j < len; j++)
printf("%c", imsi[j]);
printf(":");
for (j = 0; j < 8; j++)
printf("%02X", kc[j]);
printf(":");
for (j = 0; j < 4; j++)
printf("%02X", sres[j]);
printf(":");
for (j = 0; j < 16; j++)
printf("%02X", rand[j]);
printf("\n");
}
scard_deinit(scard);
return 0;
}
static int scard_test(void)
{
struct scard_data *scard;
size_t len;
char imsi[20];
unsigned char _rand[16];
#ifdef PCSC_FUNCS
unsigned char sres[4];
unsigned char kc[8];
#endif /* PCSC_FUNCS */
#define num_triplets 5
unsigned char rand_[num_triplets][16];
unsigned char sres_[num_triplets][4];
unsigned char kc_[num_triplets][8];
int i, res;
size_t j;
#define AKA_RAND_LEN 16
#define AKA_AUTN_LEN 16
#define AKA_AUTS_LEN 14
#define RES_MAX_LEN 16
#define IK_LEN 16
#define CK_LEN 16
unsigned char aka_rand[AKA_RAND_LEN];
unsigned char aka_autn[AKA_AUTN_LEN];
unsigned char aka_auts[AKA_AUTS_LEN];
unsigned char aka_res[RES_MAX_LEN];
size_t aka_res_len;
unsigned char aka_ik[IK_LEN];
unsigned char aka_ck[CK_LEN];
scard = scard_init(SCARD_TRY_BOTH);
if (scard == NULL)
return -1;
if (scard_set_pin(scard, "1234")) {
wpa_printf(MSG_WARNING, "PIN validation failed");
scard_deinit(scard);
return -1;
}
len = sizeof(imsi);
if (scard_get_imsi(scard, imsi, &len))
goto failed;
wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
/* NOTE: Permanent Username: 1 | IMSI */
os_memset(_rand, 0, sizeof(_rand));
if (scard_gsm_auth(scard, _rand, sres, kc))
goto failed;
os_memset(_rand, 0xff, sizeof(_rand));
if (scard_gsm_auth(scard, _rand, sres, kc))
goto failed;
for (i = 0; i < num_triplets; i++) {
os_memset(rand_[i], i, sizeof(rand_[i]));
if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
goto failed;
}
for (i = 0; i < num_triplets; i++) {
printf("1");
for (j = 0; j < len; j++)
printf("%c", imsi[j]);
printf(",");
for (j = 0; j < 16; j++)
printf("%02X", rand_[i][j]);
printf(",");
for (j = 0; j < 4; j++)
printf("%02X", sres_[i][j]);
printf(",");
for (j = 0; j < 8; j++)
printf("%02X", kc_[i][j]);
printf("\n");
}
wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
/* seq 39 (0x28) */
os_memset(aka_rand, 0xaa, 16);
os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
"\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
aka_ik, aka_ck, aka_auts);
if (res == 0) {
wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
} else if (res == -2) {
wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
"failure");
wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
} else {
wpa_printf(MSG_DEBUG, "UMTS auth failed");
}
failed:
scard_deinit(scard);
return 0;
#undef num_triplets
}
static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
{
struct eap_peer_config *conf;
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
conf = eap_get_config(sm);
if (conf == NULL)
return -1;
if (conf->pcsc) {
if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
data->sres[0], data->kc[0]) ||
scard_gsm_auth(sm->scard_ctx, data->rand[1],
data->sres[1], data->kc[1]) ||
(data->num_chal > 2 &&
scard_gsm_auth(sm->scard_ctx, data->rand[2],
data->sres[2], data->kc[2]))) {
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
"authentication could not be completed");
return -1;
}
return 0;
}
#ifdef CONFIG_SIM_SIMULATOR
if (conf->password) {
u8 opc[16], k[16];
const char *pos;
size_t i;
wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
"implementation for authentication");
if (conf->password_len < 65) {
wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
"password");
return -1;
}
pos = (const char *) conf->password;
if (hexstr2bin(pos, k, 16))
return -1;
pos += 32;
if (*pos != ':')
return -1;
pos++;
if (hexstr2bin(pos, opc, 16))
return -1;
for (i = 0; i < data->num_chal; i++) {
if (gsm_milenage(opc, k, data->rand[i],
data->sres[i], data->kc[i])) {
wpa_printf(MSG_DEBUG, "EAP-SIM: "
"GSM-Milenage authentication "
"could not be completed");
return -1;
}
wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
data->rand[i], GSM_RAND_LEN);
wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: SRES",
data->sres[i], EAP_SIM_SRES_LEN);
wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: Kc",
data->kc[i], EAP_SIM_KC_LEN);
}
return 0;
}
#endif /* CONFIG_SIM_SIMULATOR */
#ifdef CONFIG_SIM_HARDCODED
/* These hardcoded Kc and SRES values are used for testing. RAND to
* KC/SREC mapping is very bogus as far as real authentication is
* concerned, but it is quite useful for cases where the AS is rotating
* the order of pre-configured values. */
{
size_t i;
wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
"values for testing");
for (i = 0; i < data->num_chal; i++) {
if (data->rand[i][0] == 0xaa) {
os_memcpy(data->kc[i],
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7",
EAP_SIM_KC_LEN);
os_memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
EAP_SIM_SRES_LEN);
} else if (data->rand[i][0] == 0xbb) {
os_memcpy(data->kc[i],
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7",
EAP_SIM_KC_LEN);
os_memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
EAP_SIM_SRES_LEN);
} else {
os_memcpy(data->kc[i],
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7",
EAP_SIM_KC_LEN);
os_memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
EAP_SIM_SRES_LEN);
}
}
}
return 0;
#else /* CONFIG_SIM_HARDCODED */
wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
"enabled");
return -1;
#endif /* CONFIG_SIM_HARDCODED */
}
static int scard_get_triplets(struct eapol_test_data *e, int argc, char *argv[])
{
struct scard_data *scard;
size_t len;
char imsi[20];
unsigned char _rand[16];
unsigned char sres[4];
unsigned char kc[8];
int num_triplets;
int i;
size_t j;
if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
printf("invalid parameters for sim command\n");
return -1;
}
if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
/* disable debug output */
wpa_debug_level = 99;
}
scard = scard_init(e->pcsc_reader);
if (scard == NULL) {
printf("Failed to open smartcard connection\n");
return -1;
}
if (scard_set_pin(scard, argv[0])) {
wpa_printf(MSG_WARNING, "PIN validation failed");
scard_deinit(scard);
return -1;
}
len = sizeof(imsi);
if (scard_get_imsi(scard, imsi, &len)) {
scard_deinit(scard);
return -1;
}
for (i = 0; i < num_triplets; i++) {
os_memset(_rand, i, sizeof(_rand));
if (scard_gsm_auth(scard, _rand, sres, kc))
break;
/* IMSI:Kc:SRES:RAND */
for (j = 0; j < len; j++)
printf("%c", imsi[j]);
printf(":");
for (j = 0; j < 8; j++)
printf("%02X", kc[j]);
printf(":");
for (j = 0; j < 4; j++)
printf("%02X", sres[j]);
printf(":");
for (j = 0; j < 16; j++)
printf("%02X", _rand[j]);
printf("\n");
}
scard_deinit(scard);
return 0;
}
