static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm, struct eap_aka_data *data, u8 id, const struct wpabuf *reqData, struct eap_sim_attrs *attr) { const u8 *identity; size_t identity_len; int res; struct eap_sim_attrs eattr; wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge"); if (attr->checkcode && eap_aka_verify_checkcode(data, attr->checkcode, attr->checkcode_len)) { wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the " "message"); return eap_aka_client_error(data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } #ifdef EAP_AKA_PRIME if (data->eap_method == EAP_TYPE_AKA_PRIME) { if (!attr->kdf_input || attr->kdf_input_len == 0) { wpa_printf(MSG_WARNING, "EAP-AKA': Challenge message " "did not include non-empty AT_KDF_INPUT"); /* Fail authentication as if AUTN had been incorrect */ return eap_aka_authentication_reject(data, id); } os_free(data->network_name); data->network_name = os_malloc(attr->kdf_input_len); if (data->network_name == NULL) { wpa_printf(MSG_WARNING, "EAP-AKA': No memory for " "storing Network Name"); return eap_aka_authentication_reject(data, id); } os_memcpy(data->network_name, attr->kdf_input, attr->kdf_input_len); data->network_name_len = attr->kdf_input_len; wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name " "(AT_KDF_INPUT)", data->network_name, data->network_name_len); /* TODO: check Network Name per 3GPP.33.402 */ if (!eap_aka_prime_kdf_valid(data, attr)) return eap_aka_authentication_reject(data, id); if (attr->kdf[0] != EAP_AKA_PRIME_KDF) return eap_aka_prime_kdf_neg(data, id, attr); data->kdf = EAP_AKA_PRIME_KDF; wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf); } if (data->eap_method == EAP_TYPE_AKA && attr->bidding) { u16 flags = WPA_GET_BE16(attr->bidding); if ((flags & EAP_AKA_BIDDING_FLAG_D) && eap_allowed_method(sm, EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME)) { wpa_printf(MSG_WARNING, "EAP-AKA: Bidding down from " "AKA' to AKA detected"); /* Fail authentication as if AUTN had been incorrect */ return eap_aka_authentication_reject(data, id); } } #endif /* EAP_AKA_PRIME */ data->reauth = 0; if (!attr->mac || !attr->rand || !attr->autn) { wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message " "did not include%s%s%s", !attr->mac ? " AT_MAC" : "", !attr->rand ? " AT_RAND" : "", !attr->autn ? " AT_AUTN" : ""); return eap_aka_client_error(data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN); os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN); res = eap_aka_umts_auth(sm, data); if(res != 0) { wpa_printf(MSG_ERROR, "EAP-AKA: No more data send to APDU server"); //SCardDisconnect(0,0); } if (res == -1) { wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication " "failed (AUTN)"); return eap_aka_authentication_reject(data, id); } else if (res == -2) { wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication " "failed (AUTN seq# -> AUTS)"); return eap_aka_synchronization_failure(data, id); } else if (res) { wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed"); return eap_aka_client_error(data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } #ifdef EAP_AKA_PRIME if (data->eap_method == EAP_TYPE_AKA_PRIME) { /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the * needed 6-octet SQN ^ AK for CK',IK' derivation */ u16 amf = WPA_GET_BE16(data->autn + 6); if (!(amf & 0x8000)) { wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit " "not set (AMF=0x%4x)", amf); return eap_aka_authentication_reject(data, id); } eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik, data->autn, data->network_name, data->network_name_len); } #endif /* EAP_AKA_PRIME */ if (data->last_eap_identity) { identity = data->last_eap_identity; identity_len = data->last_eap_identity_len; } else if (data->pseudonym) { identity = data->pseudonym; identity_len = data->pseudonym_len; } else identity = eap_get_config_identity(sm, &identity_len); wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK " "derivation", identity, identity_len); if (data->eap_method == EAP_TYPE_AKA_PRIME) { eap_aka_prime_derive_keys(identity, identity_len, data->ik, data->ck, data->k_encr, data->k_aut, data->k_re, data->msk, data->emsk); } else { eap_aka_derive_mk(identity, identity_len, data->ik, data->ck, data->mk); eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, data->emsk); } if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) { wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message " "used invalid AT_MAC"); return eap_aka_client_error(data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } /* Old reauthentication identity must not be used anymore. In * other words, if no new identities are received, full * authentication will be used on next reauthentication (using * pseudonym identity or permanent identity). */ eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID); if (attr->encr_data) { u8 *decrypted; decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, attr->encr_data_len, attr->iv, &eattr, 0); if (decrypted == NULL) { return eap_aka_client_error( data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } eap_aka_learn_ids(sm, data, &eattr); os_free(decrypted); } if (data->result_ind && attr->result_ind) data->use_result_ind = 1; if (data->state != FAILURE && data->state != RESULT_FAILURE) { eap_aka_state(data, data->use_result_ind ? RESULT_SUCCESS : SUCCESS); } data->num_id_req = 0; data->num_notification = 0; /* RFC 4187 specifies that counter is initialized to one after * fullauth, but initializing it to zero makes it easier to implement * reauth verification. */ data->counter = 0; return eap_aka_response_challenge(data, id); }
static u8 * eap_aka_process_challenge(struct eap_sm *sm, struct eap_aka_data *data, const struct eap_hdr *req, size_t reqDataLen, size_t *respDataLen, struct eap_sim_attrs *attr) { const u8 *identity; size_t identity_len; int res; struct eap_sim_attrs eattr; wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge"); data->reauth = 0; if (!attr->mac || !attr->rand || !attr->autn) { wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message " "did not include%s%s%s", !attr->mac ? " AT_MAC" : "", !attr->rand ? " AT_RAND" : "", !attr->autn ? " AT_AUTN" : ""); return eap_aka_client_error(data, req, respDataLen, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN); os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN); res = eap_aka_umts_auth(sm, data); if (res == -1) { wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication " "failed (AUTN)"); return eap_aka_authentication_reject(data, req, respDataLen); } else if (res == -2) { wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication " "failed (AUTN seq# -> AUTS)"); return eap_aka_synchronization_failure(data, req, respDataLen); } else if (res) { wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed"); return eap_aka_client_error(data, req, respDataLen, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } if (data->last_eap_identity) { identity = data->last_eap_identity; identity_len = data->last_eap_identity_len; } else if (data->pseudonym) { identity = data->pseudonym; identity_len = data->pseudonym_len; } else identity = eap_get_config_identity(sm, &identity_len); wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK " "derivation", identity, identity_len); eap_aka_derive_mk(identity, identity_len, data->ik, data->ck, data->mk); eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, data->emsk); if (eap_sim_verify_mac(data->k_aut, (const u8 *) req, reqDataLen, attr->mac, (u8 *) "", 0)) { wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message " "used invalid AT_MAC"); return eap_aka_client_error(data, req, respDataLen, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } /* Old reauthentication and pseudonym identities must not be used * anymore. In other words, if no new identities are received, full * authentication will be used on next reauthentication. */ eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID | CLEAR_EAP_ID); if (attr->encr_data) { u8 *decrypted; decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, attr->encr_data_len, attr->iv, &eattr, 0); if (decrypted == NULL) { return eap_aka_client_error( data, req, respDataLen, EAP_AKA_UNABLE_TO_PROCESS_PACKET); } eap_aka_learn_ids(data, &eattr); os_free(decrypted); } if (data->state != FAILURE) data->state = SUCCESS; data->num_id_req = 0; data->num_notification = 0; /* RFC 4187 specifies that counter is initialized to one after * fullauth, but initializing it to zero makes it easier to implement * reauth verification. */ data->counter = 0; return eap_aka_response_challenge(data, req, respDataLen); }