Exemplo n.º 1
0
static struct wpabuf * eap_aka_process_notification(
    struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    const struct wpabuf *reqData, struct eap_sim_attrs *attr)
{
    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Notification");
    if (data->num_notification > 0) {
        wpa_printf(MSG_INFO, "EAP-AKA: too many notification "
                   "rounds (only one allowed)");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
    data->num_notification++;
    if (attr->notification == -1) {
        wpa_printf(MSG_INFO, "EAP-AKA: no AT_NOTIFICATION in "
                   "Notification message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if ((attr->notification & 0x4000) == 0 &&
            eap_aka_process_notification_auth(data, reqData, attr)) {
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    eap_sim_report_notification(sm->msg_ctx, attr->notification, 1);
    if (attr->notification >= 0 && attr->notification < 32768) {
        eap_aka_state(data, FAILURE);
    } else if (attr->notification == EAP_SIM_SUCCESS &&
               data->state == RESULT_SUCCESS)
        eap_aka_state(data, SUCCESS);
    return eap_aka_response_notification(data, id, attr->notification);
}
Exemplo n.º 2
0
static void eap_aka_process_sync_failure(struct eap_sm *sm,
					 struct eap_aka_data *data,
					 struct wpabuf *respData,
					 struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Synchronization-Failure");

	if (attr->auts == NULL) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Synchronization-Failure "
			   "message did not include valid AT_AUTS");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	/* Avoid re-reporting AUTS when processing pending EAP packet by
	 * maintaining a local flag stating whether this AUTS has already been
	 * reported. */
	if (!data->auts_reported &&
	    eap_sim_db_resynchronize(sm->eap_sim_db_priv, sm->identity,
				     sm->identity_len, attr->auts,
				     data->rand)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}
	data->auts_reported = 1;

	/* Try again after resynchronization */
	eap_aka_determine_identity(sm, data, 0, 0);
}
Exemplo n.º 3
0
static void eap_aka_process_notification(struct eap_sm *sm,
					 struct eap_aka_data *data,
					 struct wpabuf *respData,
					 struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: Client replied to notification");
	if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
		eap_aka_state(data, SUCCESS);
	else
		eap_aka_state(data, FAILURE);
}
Exemplo n.º 4
0
static void eap_aka_process_client_error(struct eap_sm *sm,
					 struct eap_aka_data *data,
					 struct wpabuf *respData,
					 struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: Client reported error %d",
		   attr->client_error_code);
	if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
		eap_aka_state(data, SUCCESS);
	else
		eap_aka_state(data, FAILURE);
}
Exemplo n.º 5
0
static void eap_aka_process_authentication_reject(
	struct eap_sm *sm, struct eap_aka_data *data,
	struct wpabuf *respData, struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: Client rejected authentication");
	eap_aka_state(data, FAILURE);
}
Exemplo n.º 6
0
static void * eap_aka_init(struct eap_sm *sm)
{
	struct eap_aka_data *data;
	const char *phase1 = eap_get_config_phase1(sm);
	struct eap_peer_config *config = eap_get_config(sm);

	data = os_zalloc(sizeof(*data));
	if (data == NULL)
		return NULL;

	data->eap_method = EAP_TYPE_AKA;

	eap_aka_state(data, CONTINUE);
	data->prev_id = -1;

	data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;

	if (config && config->anonymous_identity) {
		data->pseudonym = os_malloc(config->anonymous_identity_len);
		if (data->pseudonym) {
			os_memcpy(data->pseudonym, config->anonymous_identity,
				  config->anonymous_identity_len);
			data->pseudonym_len = config->anonymous_identity_len;
		}
	}

	return data;
}
Exemplo n.º 7
0
static void eap_aka_process_identity(struct eap_sm *sm,
				     struct eap_aka_data *data,
				     struct wpabuf *respData,
				     struct eap_sim_attrs *attr)
{
	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");

	if (attr->mac || attr->iv || attr->encr_data) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
			   "received in EAP-Response/AKA-Identity");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	if (attr->identity) {
		os_free(sm->identity);
		sm->identity = os_malloc(attr->identity_len);
		if (sm->identity) {
			os_memcpy(sm->identity, attr->identity,
				  attr->identity_len);
			sm->identity_len = attr->identity_len;
		}
	}

	eap_aka_determine_identity(sm, data, 0, 0);
	if (eap_get_id(respData) == data->pending_id) {
		data->pending_id = -1;
		eap_aka_add_id_msg(data, respData);
	}
}
Exemplo n.º 8
0
static void eap_aka_process_identity(struct eap_sm *sm,
				     struct eap_aka_data *data,
				     struct wpabuf *respData,
				     struct eap_sim_attrs *attr)
{
	u8 *new_identity;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");

	if (attr->mac || attr->iv || attr->encr_data) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute "
			   "received in EAP-Response/AKA-Identity");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	/*
	 * We always request identity with AKA/Identity, so the peer is
	 * required to have replied with one.
	 */
	if (!attr->identity || attr->identity_len == 0) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
			   "identity");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	new_identity = os_malloc(attr->identity_len);
	if (new_identity == NULL) {
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}
	os_free(sm->identity);
	sm->identity = new_identity;
	os_memcpy(sm->identity, attr->identity, attr->identity_len);
	sm->identity_len = attr->identity_len;

	eap_aka_determine_identity(sm, data);
	if (eap_get_id(respData) == data->pending_id) {
		data->pending_id = -1;
		eap_aka_add_id_msg(data, respData);
	}
}
Exemplo n.º 9
0
static void * eap_aka_init_for_reauth(struct eap_sm *sm, void *priv)
{
    struct eap_aka_data *data = priv;
    data->num_id_req = 0;
    data->num_notification = 0;
    eap_aka_state(data, CONTINUE);
    return priv;
}
Exemplo n.º 10
0
static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id,
        int err)
{
    struct eap_sim_msg *msg;

    eap_aka_state(data, FAILURE);
    data->num_id_req = 0;
    data->num_notification = 0;

    msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
                           EAP_AKA_SUBTYPE_CLIENT_ERROR);
    eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
    return eap_sim_msg_finish(msg, NULL, NULL, 0);
}
Exemplo n.º 11
0
static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data,
        u8 id)
{
    struct eap_sim_msg *msg;

    eap_aka_state(data, FAILURE);
    data->num_id_req = 0;
    data->num_notification = 0;

    wpa_printf(MSG_DEBUG, "Generating EAP-AKA Authentication-Reject "
               "(id=%d)", id);
    msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method,
                           EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT);
    return eap_sim_msg_finish(msg, NULL, NULL, 0);
}
Exemplo n.º 12
0
static void * eap_aka_init(struct eap_sm *sm)
{
	struct eap_aka_data *data;
	const char *phase1 = eap_get_config_phase1(sm);

	data = os_zalloc(sizeof(*data));
	if (data == NULL)
		return NULL;

	eap_aka_state(data, CONTINUE);
	data->prev_id = -1;

	data->result_ind = phase1 && os_strstr(phase1, "result_ind=1") != NULL;

	return data;
}
Exemplo n.º 13
0
static int eap_aka_check_identity_reauth(struct eap_sm *sm,
					 struct eap_aka_data *data,
					 const char *username)
{
	if (data->eap_method == EAP_TYPE_AKA_PRIME &&
	    username[0] != EAP_AKA_PRIME_REAUTH_ID_PREFIX)
		return 0;
	if (data->eap_method == EAP_TYPE_AKA &&
	    username[0] != EAP_AKA_REAUTH_ID_PREFIX)
		return 0;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth username '%s'", username);
	data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
						   username);
	if (data->reauth == NULL) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "
			   "request full auth identity");
		/* Remain in IDENTITY state for another round */
		return 0;
	}

	wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast re-authentication");
	os_strlcpy(data->permanent, data->reauth->permanent,
		   sizeof(data->permanent));
	data->counter = data->reauth->counter;
	if (data->eap_method == EAP_TYPE_AKA_PRIME) {
		os_memcpy(data->k_encr, data->reauth->k_encr,
			  EAP_SIM_K_ENCR_LEN);
		os_memcpy(data->k_aut, data->reauth->k_aut,
			  EAP_AKA_PRIME_K_AUT_LEN);
		os_memcpy(data->k_re, data->reauth->k_re,
			  EAP_AKA_PRIME_K_RE_LEN);
	} else {
		os_memcpy(data->mk, data->reauth->mk, EAP_SIM_MK_LEN);
	}

	eap_aka_state(data, REAUTH);
	return 1;
}
Exemplo n.º 14
0
static void eap_aka_process(struct eap_sm *sm, void *priv,
			    struct wpabuf *respData)
{
	struct eap_aka_data *data = priv;
	const u8 *pos, *end;
	u8 subtype;
	size_t len;
	struct eap_sim_attrs attr;

	pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData,
			       &len);
	if (pos == NULL || len < 3)
		return;

	end = pos + len;
	subtype = *pos;
	pos += 3;

	if (eap_aka_subtype_ok(data, subtype)) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized or unexpected "
			   "EAP-AKA Subtype in EAP Response");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	if (eap_sim_parse_attr(pos, end, &attr,
			       data->eap_method == EAP_TYPE_AKA_PRIME ? 2 : 1,
			       0)) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to parse attributes");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR) {
		eap_aka_process_client_error(sm, data, respData, &attr);
		return;
	}

	if (subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) {
		eap_aka_process_authentication_reject(sm, data, respData,
						      &attr);
		return;
	}

	switch (data->state) {
	case IDENTITY:
		eap_aka_process_identity(sm, data, respData, &attr);
		break;
	case CHALLENGE:
		if (subtype == EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) {
			eap_aka_process_sync_failure(sm, data, respData,
						     &attr);
		} else {
			eap_aka_process_challenge(sm, data, respData, &attr);
		}
		break;
	case REAUTH:
		eap_aka_process_reauth(sm, data, respData, &attr);
		break;
	case NOTIFICATION:
		eap_aka_process_notification(sm, data, respData, &attr);
		break;
	default:
		wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in "
			   "process", data->state);
		break;
	}
}
Exemplo n.º 15
0
static void eap_aka_determine_identity(struct eap_sm *sm,
				       struct eap_aka_data *data)
{
	char *username;

	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
			  sm->identity, sm->identity_len);

	username = sim_get_username(sm->identity, sm->identity_len);
	if (username == NULL) {
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	if (eap_aka_check_identity_reauth(sm, data, username) > 0) {
		os_free(username);
		return;
	}

	if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
	      username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
	     (data->eap_method == EAP_TYPE_AKA &&
	      username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
	    data->identity_round == 1) {
		/* Remain in IDENTITY state for another round to request full
		 * auth identity since we did not recognize reauth id */
		os_free(username);
		return;
	}

	if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
	     username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
	    (data->eap_method == EAP_TYPE_AKA &&
	     username[0] == EAP_AKA_PSEUDONYM_PREFIX)) {
		const char *permanent;
		wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
			   username);
		permanent = eap_sim_db_get_permanent(
			sm->eap_sim_db_priv, username);
		os_free(username);
		if (permanent == NULL) {
			wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
				   "identity - request permanent identity");
			/* Remain in IDENTITY state for another round */
			return;
		}
		os_strlcpy(data->permanent, permanent,
			   sizeof(data->permanent));
	} else if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
		    username[0] == EAP_AKA_PRIME_PERMANENT_PREFIX) ||
		   (data->eap_method == EAP_TYPE_AKA &&
		    username[0] == EAP_AKA_PERMANENT_PREFIX)) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent username '%s'",
			   username);
		os_strlcpy(data->permanent, username, sizeof(data->permanent));
		os_free(username);
	} else {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized username '%s'",
			   username);
		os_free(username);
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	eap_aka_fullauth(sm, data);
}
Exemplo n.º 16
0
static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
{
	size_t identity_len;
	int res;

	res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
				      data->rand, data->autn, data->ik,
				      data->ck, data->res, &data->res_len, sm);
	if (res == EAP_SIM_DB_PENDING) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
			   "not yet available - pending request");
		sm->method_pending = METHOD_PENDING_WAIT;
		return;
	}

#ifdef EAP_SERVER_AKA_PRIME
	if (data->eap_method == EAP_TYPE_AKA_PRIME) {
		/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
		 * needed 6-octet SQN ^AK for CK',IK' derivation */
		eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
						 data->autn,
						 data->network_name,
						 data->network_name_len);
	}
#endif /* EAP_SERVER_AKA_PRIME */

	data->reauth = NULL;
	data->counter = 0; /* reset re-auth counter since this is full auth */

	if (res != 0) {
		wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA "
			   "authentication data for the peer");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}
	if (sm->method_pending == METHOD_PENDING_WAIT) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
			   "available - abort pending wait");
		sm->method_pending = METHOD_PENDING_NONE;
	}

	identity_len = sm->identity_len;
	while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
			   "character from identity");
		identity_len--;
	}
	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
			  sm->identity, identity_len);

	if (data->eap_method == EAP_TYPE_AKA_PRIME) {
		eap_aka_prime_derive_keys(sm->identity, identity_len, data->ik,
					  data->ck, data->k_encr, data->k_aut,
					  data->k_re, data->msk, data->emsk);
	} else {
		eap_aka_derive_mk(sm->identity, identity_len, data->ik,
				  data->ck, data->mk);
		eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
				    data->msk, data->emsk);
	}

	eap_aka_state(data, CHALLENGE);
}
Exemplo n.º 17
0
static struct wpabuf * eap_aka_process_reauthentication(
    struct eap_sm *sm, struct eap_aka_data *data, u8 id,
    const struct wpabuf *reqData, struct eap_sim_attrs *attr)
{
    struct eap_sim_attrs eattr;
    u8 *decrypted;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Reauthentication");

    if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,
                                     attr->checkcode_len)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
                   "message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (data->reauth_id == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Server is trying "
                   "reauthentication, but no reauth_id available");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    data->reauth = 1;
    if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
                   "did not have valid AT_MAC");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (attr->encr_data == NULL || attr->iv == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
                   "message did not include encrypted data");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
                                   attr->encr_data_len, attr->iv, &eattr,
                                   0);
    if (decrypted == NULL) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
                   "data from reauthentication message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (eattr.nonce_s == NULL || eattr.counter < 0) {
        wpa_printf(MSG_INFO, "EAP-AKA: (encr) No%s%s in reauth packet",
                   !eattr.nonce_s ? " AT_NONCE_S" : "",
                   eattr.counter < 0 ? " AT_COUNTER" : "");
        os_free(decrypted);
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
        struct wpabuf *res;
        wpa_printf(MSG_INFO, "EAP-AKA: (encr) Invalid counter "
                   "(%d <= %d)", eattr.counter, data->counter);
        data->counter_too_small = eattr.counter;

        /* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
         * reauth_id must not be used to start a new reauthentication.
         * However, since it was used in the last EAP-Response-Identity
         * packet, it has to saved for the following fullauth to be
         * used in MK derivation. */
        os_free(data->last_eap_identity);
        data->last_eap_identity = data->reauth_id;
        data->last_eap_identity_len = data->reauth_id_len;
        data->reauth_id = NULL;
        data->reauth_id_len = 0;

        res = eap_aka_response_reauth(data, id, 1, eattr.nonce_s);
        os_free(decrypted);

        return res;
    }
    data->counter = eattr.counter;

    os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
    wpa_hexdump(MSG_DEBUG, "EAP-AKA: (encr) AT_NONCE_S",
                data->nonce_s, EAP_SIM_NONCE_S_LEN);

    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        eap_aka_prime_derive_keys_reauth(data->k_re, data->counter,
                                         data->reauth_id,
                                         data->reauth_id_len,
                                         data->nonce_s,
                                         data->msk, data->emsk);
    } else {
        eap_sim_derive_keys_reauth(data->counter, data->reauth_id,
                                   data->reauth_id_len,
                                   data->nonce_s, data->mk,
                                   data->msk, data->emsk);
    }
    eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    eap_aka_learn_ids(sm, data, &eattr);

    if (data->result_ind && attr->result_ind)
        data->use_result_ind = 1;

    if (data->state != FAILURE && data->state != RESULT_FAILURE) {
        eap_aka_state(data, data->use_result_ind ?
                      RESULT_SUCCESS : SUCCESS);
    }

    data->num_id_req = 0;
    data->num_notification = 0;
    if (data->counter > EAP_AKA_MAX_FAST_REAUTHS) {
        wpa_printf(MSG_DEBUG, "EAP-AKA: Maximum number of "
                   "fast reauths performed - force fullauth");
        eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    }
    os_free(decrypted);
    return eap_aka_response_reauth(data, id, 0, data->nonce_s);
}
Exemplo n.º 18
0
static void eap_aka_process_reauth(struct eap_sm *sm,
				   struct eap_aka_data *data,
				   struct wpabuf *respData,
				   struct eap_sim_attrs *attr)
{
	struct eap_sim_attrs eattr;
	u8 *decrypted = NULL;
	const u8 *identity, *id2;
	size_t identity_len, id2_len;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Reauthentication");

	if (attr->mac == NULL ||
	    eap_aka_verify_mac(data, respData, attr->mac, data->nonce_s,
			       EAP_SIM_NONCE_S_LEN)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
			   "did not include valid AT_MAC");
		goto fail;
	}

	if (attr->encr_data == NULL || attr->iv == NULL) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication "
			   "message did not include encrypted data");
		goto fail;
	}

	decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
				       attr->encr_data_len, attr->iv, &eattr,
				       0);
	if (decrypted == NULL) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted "
			   "data from reauthentication message");
		goto fail;
	}

	if (eattr.counter != data->counter) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message "
			   "used incorrect counter %u, expected %u",
			   eattr.counter, data->counter);
		goto fail;
	}
	os_free(decrypted);
	decrypted = NULL;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response includes "
		   "the correct AT_MAC");

	if (eattr.counter_too_small) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response "
			   "included AT_COUNTER_TOO_SMALL - starting full "
			   "authentication");
		eap_aka_determine_identity(sm, data, 0, 1);
		return;
	}

	if (sm->eap_sim_aka_result_ind && attr->result_ind) {
		data->use_result_ind = 1;
		data->notification = EAP_SIM_SUCCESS;
		eap_aka_state(data, NOTIFICATION);
	} else
		eap_aka_state(data, SUCCESS);

	if (data->reauth) {
		identity = data->reauth->identity;
		identity_len = data->reauth->identity_len;
	} else {
		identity = sm->identity;
		identity_len = sm->identity_len;
	}

	id2 = eap_sim_db_get_permanent(sm->eap_sim_db_priv, identity,
				       identity_len, &id2_len);
	if (id2) {
		identity = id2;
		identity_len = id2_len;
	}

	if (data->next_pseudonym) {
		eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
					 identity_len, data->next_pseudonym);
		data->next_pseudonym = NULL;
	}
	if (data->next_reauth_id) {
		if (data->eap_method == EAP_TYPE_AKA_PRIME) {
#ifdef EAP_SERVER_AKA_PRIME
			eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
						    identity,
						    identity_len,
						    data->next_reauth_id,
						    data->counter + 1,
						    data->k_encr, data->k_aut,
						    data->k_re);
#endif /* EAP_SERVER_AKA_PRIME */
		} else {
			eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
					      identity_len,
					      data->next_reauth_id,
					      data->counter + 1,
					      data->mk);
		}
		data->next_reauth_id = NULL;
	} else {
		eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
		data->reauth = NULL;
	}

	return;

fail:
	data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
	eap_aka_state(data, NOTIFICATION);
	eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
	data->reauth = NULL;
	os_free(decrypted);
}
Exemplo n.º 19
0
static void eap_aka_process_challenge(struct eap_sm *sm,
				      struct eap_aka_data *data,
				      struct wpabuf *respData,
				      struct eap_sim_attrs *attr)
{
	const u8 *identity;
	size_t identity_len;

	wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge");

#ifdef EAP_SERVER_AKA_PRIME
#if 0
	/* KDF negotiation; to be enabled only after more than one KDF is
	 * supported */
	if (data->eap_method == EAP_TYPE_AKA_PRIME &&
	    attr->kdf_count == 1 && attr->mac == NULL) {
		if (attr->kdf[0] != EAP_AKA_PRIME_KDF) {
			wpa_printf(MSG_WARNING, "EAP-AKA': Peer selected "
				   "unknown KDF");
			data->notification =
				EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
			eap_aka_state(data, NOTIFICATION);
			return;
		}

		data->kdf = attr->kdf[0];

		/* Allow negotiation to continue with the selected KDF by
		 * sending another Challenge message */
		wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
		return;
	}
#endif
#endif /* EAP_SERVER_AKA_PRIME */

	if (attr->checkcode &&
	    eap_aka_verify_checkcode(data, attr->checkcode,
				     attr->checkcode_len)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
			   "message");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}
	if (attr->mac == NULL ||
	    eap_aka_verify_mac(data, respData, attr->mac, NULL, 0)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "did not include valid AT_MAC");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	/*
	 * AT_RES is padded, so verify that there is enough room for RES and
	 * that the RES length in bits matches with the expected RES.
	 */
	if (attr->res == NULL || attr->res_len < data->res_len ||
	    attr->res_len_bits != data->res_len * 8 ||
	    os_memcmp(attr->res, data->res, data->res_len) != 0) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not "
			   "include valid AT_RES (attr len=%lu, res len=%lu "
			   "bits, expected %lu bits)",
			   (unsigned long) attr->res_len,
			   (unsigned long) attr->res_len_bits,
			   (unsigned long) data->res_len * 8);
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}

	wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the "
		   "correct AT_MAC");
	if (sm->eap_sim_aka_result_ind && attr->result_ind) {
		data->use_result_ind = 1;
		data->notification = EAP_SIM_SUCCESS;
		eap_aka_state(data, NOTIFICATION);
	} else
		eap_aka_state(data, SUCCESS);

	identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, sm->identity,
					    sm->identity_len, &identity_len);
	if (identity == NULL) {
		identity = sm->identity;
		identity_len = sm->identity_len;
	}

	if (data->next_pseudonym) {
		eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
					 identity_len,
					 data->next_pseudonym);
		data->next_pseudonym = NULL;
	}
	if (data->next_reauth_id) {
		if (data->eap_method == EAP_TYPE_AKA_PRIME) {
#ifdef EAP_SERVER_AKA_PRIME
			eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
						    identity,
						    identity_len,
						    data->next_reauth_id,
						    data->counter + 1,
						    data->k_encr, data->k_aut,
						    data->k_re);
#endif /* EAP_SERVER_AKA_PRIME */
		} else {
			eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
					      identity_len,
					      data->next_reauth_id,
					      data->counter + 1,
					      data->mk);
		}
		data->next_reauth_id = NULL;
	}
}
Exemplo n.º 20
0
static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
        struct eap_aka_data *data,
        u8 id,
        const struct wpabuf *reqData,
        struct eap_sim_attrs *attr)
{
    const u8 *identity;
    size_t identity_len;
    int res;
    struct eap_sim_attrs eattr;

    wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");

    if (attr->checkcode &&
            eap_aka_verify_checkcode(data, attr->checkcode,
                                     attr->checkcode_len)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
                   "message");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

#ifdef EAP_AKA_PRIME
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        if (!attr->kdf_input || attr->kdf_input_len == 0) {
            wpa_printf(MSG_WARNING, "EAP-AKA': Challenge message "
                       "did not include non-empty AT_KDF_INPUT");
            /* Fail authentication as if AUTN had been incorrect */
            return eap_aka_authentication_reject(data, id);
        }
        os_free(data->network_name);
        data->network_name = os_malloc(attr->kdf_input_len);
        if (data->network_name == NULL) {
            wpa_printf(MSG_WARNING, "EAP-AKA': No memory for "
                       "storing Network Name");
            return eap_aka_authentication_reject(data, id);
        }
        os_memcpy(data->network_name, attr->kdf_input,
                  attr->kdf_input_len);
        data->network_name_len = attr->kdf_input_len;
        wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA': Network Name "
                          "(AT_KDF_INPUT)",
                          data->network_name, data->network_name_len);
        /* TODO: check Network Name per 3GPP.33.402 */

        if (!eap_aka_prime_kdf_valid(data, attr))
            return eap_aka_authentication_reject(data, id);

        if (attr->kdf[0] != EAP_AKA_PRIME_KDF)
            return eap_aka_prime_kdf_neg(data, id, attr);

        data->kdf = EAP_AKA_PRIME_KDF;
        wpa_printf(MSG_DEBUG, "EAP-AKA': KDF %d selected", data->kdf);
    }

    if (data->eap_method == EAP_TYPE_AKA && attr->bidding) {
        u16 flags = WPA_GET_BE16(attr->bidding);
        if ((flags & EAP_AKA_BIDDING_FLAG_D) &&
                eap_allowed_method(sm, EAP_VENDOR_IETF,
                                   EAP_TYPE_AKA_PRIME)) {
            wpa_printf(MSG_WARNING, "EAP-AKA: Bidding down from "
                       "AKA' to AKA detected");
            /* Fail authentication as if AUTN had been incorrect */
            return eap_aka_authentication_reject(data, id);
        }
    }
#endif /* EAP_AKA_PRIME */

    data->reauth = 0;
    if (!attr->mac || !attr->rand || !attr->autn) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
                   "did not include%s%s%s",
                   !attr->mac ? " AT_MAC" : "",
                   !attr->rand ? " AT_RAND" : "",
                   !attr->autn ? " AT_AUTN" : "");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
    os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
    os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);

    res = eap_aka_umts_auth(sm, data);
    if(res != 0) {
        wpa_printf(MSG_ERROR, "EAP-AKA: No more data send to APDU server");
        //SCardDisconnect(0,0);
    }
    if (res == -1) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
                   "failed (AUTN)");
        return eap_aka_authentication_reject(data, id);
    } else if (res == -2) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
                   "failed (AUTN seq# -> AUTS)");
        return eap_aka_synchronization_failure(data, id);
    } else if (res) {
        wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }
#ifdef EAP_AKA_PRIME
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        /* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
         * needed 6-octet SQN ^ AK for CK',IK' derivation */
        u16 amf = WPA_GET_BE16(data->autn + 6);
        if (!(amf & 0x8000)) {
            wpa_printf(MSG_WARNING, "EAP-AKA': AMF separation bit "
                       "not set (AMF=0x%4x)", amf);
            return eap_aka_authentication_reject(data, id);
        }
        eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
                                         data->autn,
                                         data->network_name,
                                         data->network_name_len);
    }
#endif /* EAP_AKA_PRIME */
    if (data->last_eap_identity) {
        identity = data->last_eap_identity;
        identity_len = data->last_eap_identity_len;
    } else if (data->pseudonym) {
        identity = data->pseudonym;
        identity_len = data->pseudonym_len;
    } else
        identity = eap_get_config_identity(sm, &identity_len);
    wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
                      "derivation", identity, identity_len);
    if (data->eap_method == EAP_TYPE_AKA_PRIME) {
        eap_aka_prime_derive_keys(identity, identity_len, data->ik,
                                  data->ck, data->k_encr, data->k_aut,
                                  data->k_re, data->msk, data->emsk);
    } else {
        eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
                          data->mk);
        eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
                            data->msk, data->emsk);
    }
    if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
        wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
                   "used invalid AT_MAC");
        return eap_aka_client_error(data, id,
                                    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
    }

    /* Old reauthentication identity must not be used anymore. In
     * other words, if no new identities are received, full
     * authentication will be used on next reauthentication (using
     * pseudonym identity or permanent identity). */
    eap_aka_clear_identities(data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);

    if (attr->encr_data) {
        u8 *decrypted;
        decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
                                       attr->encr_data_len, attr->iv,
                                       &eattr, 0);
        if (decrypted == NULL) {
            return eap_aka_client_error(
                       data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
        }
        eap_aka_learn_ids(sm, data, &eattr);
        os_free(decrypted);
    }

    if (data->result_ind && attr->result_ind)
        data->use_result_ind = 1;

    if (data->state != FAILURE && data->state != RESULT_FAILURE) {
        eap_aka_state(data, data->use_result_ind ?
                      RESULT_SUCCESS : SUCCESS);
    }

    data->num_id_req = 0;
    data->num_notification = 0;
    /* RFC 4187 specifies that counter is initialized to one after
     * fullauth, but initializing it to zero makes it easier to implement
     * reauth verification. */
    data->counter = 0;
    return eap_aka_response_challenge(data, id);
}
Exemplo n.º 21
0
static void eap_aka_determine_identity(struct eap_sm *sm,
				       struct eap_aka_data *data,
				       int before_identity, int after_reauth)
{
	const u8 *identity;
	size_t identity_len;
	int res;

	identity = NULL;
	identity_len = 0;

	if (after_reauth && data->reauth) {
		identity = data->reauth->identity;
		identity_len = data->reauth->identity_len;
	} else if (sm->identity && sm->identity_len > 0 &&
		   sm->identity[0] == EAP_AKA_PERMANENT_PREFIX) {
		identity = sm->identity;
		identity_len = sm->identity_len;
	} else {
		identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv,
						    sm->identity,
						    sm->identity_len,
						    &identity_len);
		if (identity == NULL) {
			data->reauth = eap_sim_db_get_reauth_entry(
				sm->eap_sim_db_priv, sm->identity,
				sm->identity_len);
			if (data->reauth &&
			    data->reauth->aka_prime !=
			    (data->eap_method == EAP_TYPE_AKA_PRIME)) {
				wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth data "
					   "was for different AKA version");
				data->reauth = NULL;
			}
			if (data->reauth) {
				wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast "
					   "re-authentication");
				identity = data->reauth->identity;
				identity_len = data->reauth->identity_len;
				data->counter = data->reauth->counter;
				if (data->eap_method == EAP_TYPE_AKA_PRIME) {
					os_memcpy(data->k_encr,
						  data->reauth->k_encr,
						  EAP_SIM_K_ENCR_LEN);
					os_memcpy(data->k_aut,
						  data->reauth->k_aut,
						  EAP_AKA_PRIME_K_AUT_LEN);
					os_memcpy(data->k_re,
						  data->reauth->k_re,
						  EAP_AKA_PRIME_K_RE_LEN);
				} else {
					os_memcpy(data->mk, data->reauth->mk,
						  EAP_SIM_MK_LEN);
				}
			}
		}
	}

	if (identity == NULL ||
	    eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
				      sm->identity_len) < 0) {
		if (before_identity) {
			wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent user name "
				   "not known - send AKA-Identity request");
			eap_aka_state(data, IDENTITY);
			return;
		} else {
			wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown whether the "
				   "permanent user name is known; try to use "
				   "it");
			/* eap_sim_db_get_aka_auth() will report failure, if
			 * this identity is not known. */
		}
	}

	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity",
			  identity, identity_len);

	if (!after_reauth && data->reauth) {
		eap_aka_state(data, REAUTH);
		return;
	}

	res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, identity,
				      identity_len, data->rand, data->autn,
				      data->ik, data->ck, data->res,
				      &data->res_len, sm);
	if (res == EAP_SIM_DB_PENDING) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
			   "not yet available - pending request");
		sm->method_pending = METHOD_PENDING_WAIT;
		return;
	}

#ifdef EAP_SERVER_AKA_PRIME
	if (data->eap_method == EAP_TYPE_AKA_PRIME) {
		/* Note: AUTN = (SQN ^ AK) || AMF || MAC which gives us the
		 * needed 6-octet SQN ^AK for CK',IK' derivation */
		eap_aka_prime_derive_ck_ik_prime(data->ck, data->ik,
						 data->autn,
						 data->network_name,
						 data->network_name_len);
	}
#endif /* EAP_SERVER_AKA_PRIME */

	data->reauth = NULL;
	data->counter = 0; /* reset re-auth counter since this is full auth */

	if (res != 0) {
		wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA "
			   "authentication data for the peer");
		data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
		eap_aka_state(data, NOTIFICATION);
		return;
	}
	if (sm->method_pending == METHOD_PENDING_WAIT) {
		wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data "
			   "available - abort pending wait");
		sm->method_pending = METHOD_PENDING_NONE;
	}

	identity_len = sm->identity_len;
	while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
		wpa_printf(MSG_DEBUG, "EAP-AKA: Workaround - drop last null "
			   "character from identity");
		identity_len--;
	}
	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation",
			  sm->identity, identity_len);

	if (data->eap_method == EAP_TYPE_AKA_PRIME) {
		eap_aka_prime_derive_keys(identity, identity_len, data->ik,
					  data->ck, data->k_encr, data->k_aut,
					  data->k_re, data->msk, data->emsk);
	} else {
		eap_aka_derive_mk(sm->identity, identity_len, data->ik,
				  data->ck, data->mk);
		eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut,
				    data->msk, data->emsk);
	}

	eap_aka_state(data, CHALLENGE);
}
Exemplo n.º 22
0
static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,
						 struct eap_aka_data *data,
						 u8 id,
						 const struct wpabuf *reqData,
						 struct eap_sim_attrs *attr)
{
	const u8 *identity;
	size_t identity_len;
	int res;
	struct eap_sim_attrs eattr;

	wpa_printf(MSG_DEBUG, "EAP-AKA: subtype Challenge");

	if (attr->checkcode &&
	    eap_aka_verify_checkcode(data, attr->checkcode,
				     attr->checkcode_len)) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
			   "message");
		return eap_aka_client_error(data, id,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	data->reauth = 0;
	if (!attr->mac || !attr->rand || !attr->autn) {
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "did not include%s%s%s",
			   !attr->mac ? " AT_MAC" : "",
			   !attr->rand ? " AT_RAND" : "",
			   !attr->autn ? " AT_AUTN" : "");
		return eap_aka_client_error(data, id,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	os_memcpy(data->rand, attr->rand, EAP_AKA_RAND_LEN);
	os_memcpy(data->autn, attr->autn, EAP_AKA_AUTN_LEN);

	res = eap_aka_umts_auth(sm, data);
	if (res == -1) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
			   "failed (AUTN)");
		return eap_aka_authentication_reject(data, id);
	} else if (res == -2) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication "
			   "failed (AUTN seq# -> AUTS)");
		return eap_aka_synchronization_failure(data, id);
	} else if (res) {
		wpa_printf(MSG_WARNING, "EAP-AKA: UMTS authentication failed");
		return eap_aka_client_error(data, id,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}
	if (data->last_eap_identity) {
		identity = data->last_eap_identity;
		identity_len = data->last_eap_identity_len;
	} else if (data->pseudonym) {
		identity = data->pseudonym;
		identity_len = data->pseudonym_len;
	} else
		identity = eap_get_config_identity(sm, &identity_len);
	wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Selected identity for MK "
			  "derivation", identity, identity_len);
	eap_aka_derive_mk(identity, identity_len, data->ik, data->ck,
			  data->mk);
	eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
			    data->emsk);
	if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
	{
		wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
			   "used invalid AT_MAC");
		return eap_aka_client_error(data, id,
					    EAP_AKA_UNABLE_TO_PROCESS_PACKET);
	}

	/* Old reauthentication and pseudonym identities must not be used
	 * anymore. In other words, if no new identities are received, full
	 * authentication will be used on next reauthentication. */
	eap_aka_clear_identities(data, CLEAR_PSEUDONYM | CLEAR_REAUTH_ID |
				 CLEAR_EAP_ID);

	if (attr->encr_data) {
		u8 *decrypted;
		decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
					       attr->encr_data_len, attr->iv,
					       &eattr, 0);
		if (decrypted == NULL) {
			return eap_aka_client_error(
				data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
		}
		eap_aka_learn_ids(data, &eattr);
		os_free(decrypted);
	}

	if (data->result_ind && attr->result_ind)
		data->use_result_ind = 1;

	if (data->state != FAILURE && data->state != RESULT_FAILURE) {
		eap_aka_state(data, data->use_result_ind ?
			      RESULT_SUCCESS : SUCCESS);
	}

	data->num_id_req = 0;
	data->num_notification = 0;
	/* RFC 4187 specifies that counter is initialized to one after
	 * fullauth, but initializing it to zero makes it easier to implement
	 * reauth verification. */
	data->counter = 0;
	return eap_aka_response_challenge(data, id);
}