src/eap_server/eap_server_sim.c

   1 /*
   2  * hostapd / EAP-SIM (RFC 4186)
   3  * Copyright (c) 2005-2008, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "includes.h"
  16
  17 #include "common.h"
  18 #include "crypto/random.h"
  19 #include "eap_server/eap_i.h"
  20 #include "eap_common/eap_sim_common.h"
  21 #include "eap_server/eap_sim_db.h"
  22
  23
  24 struct eap_sim_data {
  25         u8 mk[EAP_SIM_MK_LEN];
  26         u8 nonce_mt[EAP_SIM_NONCE_MT_LEN];
  27         u8 nonce_s[EAP_SIM_NONCE_S_LEN];
  28         u8 k_aut[EAP_SIM_K_AUT_LEN];
  29         u8 k_encr[EAP_SIM_K_ENCR_LEN];
  30         u8 msk[EAP_SIM_KEYING_DATA_LEN];
  31         u8 emsk[EAP_EMSK_LEN];
  32         u8 kc[EAP_SIM_MAX_CHAL][EAP_SIM_KC_LEN];
  33         u8 sres[EAP_SIM_MAX_CHAL][EAP_SIM_SRES_LEN];
  34         u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN];
  35         int num_chal;
  36         enum {
  37                 START, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE
  38         } state;
  39         char *next_pseudonym;
  40         char *next_reauth_id;
  41         u16 counter;
  42         struct eap_sim_reauth *reauth;
  43         u16 notification;
  44         int use_result_ind;
  45 };
  46
  47
  48 static const char * eap_sim_state_txt(int state)
  49 {
  50         switch (state) {
  51         case START:
  52                 return "START";
  53         case CHALLENGE:
  54                 return "CHALLENGE";
  55         case REAUTH:
  56                 return "REAUTH";
  57         case SUCCESS:
  58                 return "SUCCESS";
  59         case FAILURE:
  60                 return "FAILURE";
  61         case NOTIFICATION:
  62                 return "NOTIFICATION";
  63         default:
  64                 return "Unknown?!";
  65         }
  66 }
  67
  68
  69 static void eap_sim_state(struct eap_sim_data *data, int state)
  70 {
  71         wpa_printf(MSG_DEBUG, "EAP-SIM: %s -> %s",
  72                    eap_sim_state_txt(data->state),
  73                    eap_sim_state_txt(state));
  74         data->state = state;
  75 }
  76
  77
  78 static void * eap_sim_init(struct eap_sm *sm)
  79 {
  80         struct eap_sim_data *data;
  81
  82         if (sm->eap_sim_db_priv == NULL) {
  83                 wpa_printf(MSG_WARNING, "EAP-SIM: eap_sim_db not configured");
  84                 return NULL;
  85         }
  86
  87         data = os_zalloc(sizeof(*data));
  88         if (data == NULL)
  89                 return NULL;
  90         data->state = START;
  91
  92         return data;
  93 }
  94
  95
  96 static void eap_sim_reset(struct eap_sm *sm, void *priv)
  97 {
  98         struct eap_sim_data *data = priv;
  99         os_free(data->next_pseudonym);
 100         os_free(data->next_reauth_id);
 101         os_free(data);
 102 }
 103
 104
 105 static struct wpabuf * eap_sim_build_start(struct eap_sm *sm,
 106                                            struct eap_sim_data *data, u8 id)
 107 {
 108         struct eap_sim_msg *msg;
 109         u8 ver[2];
 110
 111         wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Start");
 112         msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
 113                                EAP_SIM_SUBTYPE_START);
 114         if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
 115                                       sm->identity_len)) {
 116                 wpa_printf(MSG_DEBUG, "   AT_PERMANENT_ID_REQ");
 117                 eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
 118         } else {
 119                 /*
 120                  * RFC 4186, Chap. 4.2.4 recommends that identity from EAP is
 121                  * ignored and the SIM/Start is used to request the identity.
 122                  */
 123                 wpa_printf(MSG_DEBUG, "   AT_ANY_ID_REQ");
 124                 eap_sim_msg_add(msg, EAP_SIM_AT_ANY_ID_REQ, 0, NULL, 0);
 125         }
 126         wpa_printf(MSG_DEBUG, "   AT_VERSION_LIST");
 127         ver[0] = 0;
 128         ver[1] = EAP_SIM_VERSION;
 129         eap_sim_msg_add(msg, EAP_SIM_AT_VERSION_LIST, sizeof(ver),
 130                         ver, sizeof(ver));
 131         return eap_sim_msg_finish(msg, NULL, NULL, 0);
 132 }
 133
 134
 135 static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data,
 136                               struct eap_sim_msg *msg, u16 counter,
 137                               const u8 *nonce_s)
 138 {
 139         os_free(data->next_pseudonym);
 140         data->next_pseudonym =
 141                 eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 0);
 142         os_free(data->next_reauth_id);
 143         if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
 144                 data->next_reauth_id =
 145                         eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv, 0);
 146         } else {
 147                 wpa_printf(MSG_DEBUG, "EAP-SIM: Max fast re-authentication "
 148                            "count exceeded - force full authentication");
 149                 data->next_reauth_id = NULL;
 150         }
 151
 152         if (data->next_pseudonym == NULL && data->next_reauth_id == NULL &&
 153             counter == 0 && nonce_s == NULL)
 154                 return 0;
 155
 156         wpa_printf(MSG_DEBUG, "   AT_IV");
 157         wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
 158         eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
 159
 160         if (counter > 0) {
 161                 wpa_printf(MSG_DEBUG, "   *AT_COUNTER (%u)", counter);
 162                 eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
 163         }
 164
 165         if (nonce_s) {
 166                 wpa_printf(MSG_DEBUG, "   *AT_NONCE_S");
 167                 eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s,
 168                                 EAP_SIM_NONCE_S_LEN);
 169         }
 170
 171         if (data->next_pseudonym) {
 172                 wpa_printf(MSG_DEBUG, "   *AT_NEXT_PSEUDONYM (%s)",
 173                            data->next_pseudonym);
 174                 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM,
 175                                 os_strlen(data->next_pseudonym),
 176                                 (u8 *) data->next_pseudonym,
 177                                 os_strlen(data->next_pseudonym));
 178         }
 179
 180         if (data->next_reauth_id) {
 181                 wpa_printf(MSG_DEBUG, "   *AT_NEXT_REAUTH_ID (%s)",
 182                            data->next_reauth_id);
 183                 eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID,
 184                                 os_strlen(data->next_reauth_id),
 185                                 (u8 *) data->next_reauth_id,
 186                                 os_strlen(data->next_reauth_id));
 187         }
 188
 189         if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
 190                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
 191                            "AT_ENCR_DATA");
 192                 return -1;
 193         }
 194
 195         return 0;
 196 }
 197
 198
 199 static struct wpabuf * eap_sim_build_challenge(struct eap_sm *sm,
 200                                                struct eap_sim_data *data,
 201                                                u8 id)
 202 {
 203         struct eap_sim_msg *msg;
 204
 205         wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Challenge");
 206         msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
 207                                EAP_SIM_SUBTYPE_CHALLENGE);
 208         wpa_printf(MSG_DEBUG, "   AT_RAND");
 209         eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, (u8 *) data->rand,
 210                         data->num_chal * GSM_RAND_LEN);
 211
 212         if (eap_sim_build_encr(sm, data, msg, 0, NULL)) {
 213                 eap_sim_msg_free(msg);
 214                 return NULL;
 215         }
 216
 217         if (sm->eap_sim_aka_result_ind) {
 218                 wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
 219                 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
 220         }
 221
 222         wpa_printf(MSG_DEBUG, "   AT_MAC");
 223         eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
 224         return eap_sim_msg_finish(msg, data->k_aut, data->nonce_mt,
 225                                   EAP_SIM_NONCE_MT_LEN);
 226 }
 227
 228
 229 static struct wpabuf * eap_sim_build_reauth(struct eap_sm *sm,
 230                                             struct eap_sim_data *data, u8 id)
 231 {
 232         struct eap_sim_msg *msg;
 233
 234         wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Re-authentication");
 235
 236         if (random_get_bytes(data->nonce_s, EAP_SIM_NONCE_S_LEN))
 237                 return NULL;
 238         wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: NONCE_S",
 239                         data->nonce_s, EAP_SIM_NONCE_S_LEN);
 240
 241         eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
 242                             data->emsk);
 243         eap_sim_derive_keys_reauth(data->counter, sm->identity,
 244                                    sm->identity_len, data->nonce_s, data->mk,
 245                                    data->msk, data->emsk);
 246
 247         msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
 248                                EAP_SIM_SUBTYPE_REAUTHENTICATION);
 249
 250         if (eap_sim_build_encr(sm, data, msg, data->counter, data->nonce_s)) {
 251                 eap_sim_msg_free(msg);
 252                 return NULL;
 253         }
 254
 255         if (sm->eap_sim_aka_result_ind) {
 256                 wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
 257                 eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
 258         }
 259
 260         wpa_printf(MSG_DEBUG, "   AT_MAC");
 261         eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
 262         return eap_sim_msg_finish(msg, data->k_aut, NULL, 0);
 263 }
 264
 265
 266 static struct wpabuf * eap_sim_build_notification(struct eap_sm *sm,
 267                                                   struct eap_sim_data *data,
 268                                                   u8 id)
 269 {
 270         struct eap_sim_msg *msg;
 271
 272         wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Notification");
 273         msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
 274                                EAP_SIM_SUBTYPE_NOTIFICATION);
 275         wpa_printf(MSG_DEBUG, "   AT_NOTIFICATION (%d)", data->notification);
 276         eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification,
 277                         NULL, 0);
 278         if (data->use_result_ind) {
 279                 if (data->reauth) {
 280                         wpa_printf(MSG_DEBUG, "   AT_IV");
 281                         wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
 282                         eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
 283                                                    EAP_SIM_AT_ENCR_DATA);
 284                         wpa_printf(MSG_DEBUG, "   *AT_COUNTER (%u)",
 285                                    data->counter);
 286                         eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
 287                                         NULL, 0);
 288
 289                         if (eap_sim_msg_add_encr_end(msg, data->k_encr,
 290                                                      EAP_SIM_AT_PADDING)) {
 291                                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to "
 292                                            "encrypt AT_ENCR_DATA");
 293                                 eap_sim_msg_free(msg);
 294                                 return NULL;
 295                         }
 296                 }
 297
 298                 wpa_printf(MSG_DEBUG, "   AT_MAC");
 299                 eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
 300         }
 301         return eap_sim_msg_finish(msg, data->k_aut, NULL, 0);
 302 }
 303
 304
 305 static struct wpabuf * eap_sim_buildReq(struct eap_sm *sm, void *priv, u8 id)
 306 {
 307         struct eap_sim_data *data = priv;
 308
 309         switch (data->state) {
 310         case START:
 311                 return eap_sim_build_start(sm, data, id);
 312         case CHALLENGE:
 313                 return eap_sim_build_challenge(sm, data, id);
 314         case REAUTH:
 315                 return eap_sim_build_reauth(sm, data, id);
 316         case NOTIFICATION:
 317                 return eap_sim_build_notification(sm, data, id);
 318         default:
 319                 wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown state %d in "
 320                            "buildReq", data->state);
 321                 break;
 322         }
 323         return NULL;
 324 }
 325
 326
 327 static Boolean eap_sim_check(struct eap_sm *sm, void *priv,
 328                              struct wpabuf *respData)
 329 {
 330         struct eap_sim_data *data = priv;
 331         const u8 *pos;
 332         size_t len;
 333         u8 subtype;
 334
 335         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, respData, &len);
 336         if (pos == NULL || len < 3) {
 337                 wpa_printf(MSG_INFO, "EAP-SIM: Invalid frame");
 338                 return TRUE;
 339         }
 340         subtype = *pos;
 341
 342         if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR)
 343                 return FALSE;
 344
 345         switch (data->state) {
 346         case START:
 347                 if (subtype != EAP_SIM_SUBTYPE_START) {
 348                         wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
 349                                    "subtype %d", subtype);
 350                         return TRUE;
 351                 }
 352                 break;
 353         case CHALLENGE:
 354                 if (subtype != EAP_SIM_SUBTYPE_CHALLENGE) {
 355                         wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
 356                                    "subtype %d", subtype);
 357                         return TRUE;
 358                 }
 359                 break;
 360         case REAUTH:
 361                 if (subtype != EAP_SIM_SUBTYPE_REAUTHENTICATION) {
 362                         wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
 363                                    "subtype %d", subtype);
 364                         return TRUE;
 365                 }
 366                 break;
 367         case NOTIFICATION:
 368                 if (subtype != EAP_SIM_SUBTYPE_NOTIFICATION) {
 369                         wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
 370                                    "subtype %d", subtype);
 371                         return TRUE;
 372                 }
 373                 break;
 374         default:
 375                 wpa_printf(MSG_INFO, "EAP-SIM: Unexpected state (%d) for "
 376                            "processing a response", data->state);
 377                 return TRUE;
 378         }
 379
 380         return FALSE;
 381 }
 382
 383
 384 static int eap_sim_supported_ver(struct eap_sim_data *data, int version)
 385 {
 386         return version == EAP_SIM_VERSION;
 387 }
 388
 389
 390 static void eap_sim_process_start(struct eap_sm *sm,
 391                                   struct eap_sim_data *data,
 392                                   struct wpabuf *respData,
 393                                   struct eap_sim_attrs *attr)
 394 {
 395         const u8 *identity;
 396         size_t identity_len;
 397         u8 ver_list[2];
 398
 399         wpa_printf(MSG_DEBUG, "EAP-SIM: Receive start response");
 400
 401         if (attr->identity) {
 402                 os_free(sm->identity);
 403                 sm->identity = os_malloc(attr->identity_len);
 404                 if (sm->identity) {
 405                         os_memcpy(sm->identity, attr->identity,
 406                                   attr->identity_len);
 407                         sm->identity_len = attr->identity_len;
 408                 }
 409         }
 410
 411         identity = NULL;
 412         identity_len = 0;
 413
 414         if (sm->identity && sm->identity_len > 0 &&
 415             sm->identity[0] == EAP_SIM_PERMANENT_PREFIX) {
 416                 identity = sm->identity;
 417                 identity_len = sm->identity_len;
 418         } else {
 419                 identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv,
 420                                                     sm->identity,
 421                                                     sm->identity_len,
 422                                                     &identity_len);
 423                 if (identity == NULL) {
 424                         data->reauth = eap_sim_db_get_reauth_entry(
 425                                 sm->eap_sim_db_priv, sm->identity,
 426                                 sm->identity_len);
 427                         if (data->reauth) {
 428                                 wpa_printf(MSG_DEBUG, "EAP-SIM: Using fast "
 429                                            "re-authentication");
 430                                 identity = data->reauth->identity;
 431                                 identity_len = data->reauth->identity_len;
 432                                 data->counter = data->reauth->counter;
 433                                 os_memcpy(data->mk, data->reauth->mk,
 434                                           EAP_SIM_MK_LEN);
 435                         }
 436                 }
 437         }
 438
 439         if (identity == NULL) {
 440                 wpa_printf(MSG_DEBUG, "EAP-SIM: Could not get proper permanent"
 441                            " user name");
 442                 eap_sim_state(data, FAILURE);
 443                 return;
 444         }
 445
 446         wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity",
 447                           identity, identity_len);
 448
 449         if (data->reauth) {
 450                 eap_sim_state(data, REAUTH);
 451                 return;
 452         }
 453
 454         if (attr->nonce_mt == NULL || attr->selected_version < 0) {
 455                 wpa_printf(MSG_DEBUG, "EAP-SIM: Start/Response missing "
 456                            "required attributes");
 457                 eap_sim_state(data, FAILURE);
 458                 return;
 459         }
 460
 461         if (!eap_sim_supported_ver(data, attr->selected_version)) {
 462                 wpa_printf(MSG_DEBUG, "EAP-SIM: Peer selected unsupported "
 463                            "version %d", attr->selected_version);
 464                 eap_sim_state(data, FAILURE);
 465                 return;
 466         }
 467
 468         data->counter = 0; /* reset re-auth counter since this is full auth */
 469         data->reauth = NULL;
 470
 471         data->num_chal = eap_sim_db_get_gsm_triplets(
 472                 sm->eap_sim_db_priv, identity, identity_len,
 473                 EAP_SIM_MAX_CHAL,
 474                 (u8 *) data->rand, (u8 *) data->kc, (u8 *) data->sres, sm);
 475         if (data->num_chal == EAP_SIM_DB_PENDING) {
 476                 wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication triplets "
 477                            "not yet available - pending request");
 478                 sm->method_pending = METHOD_PENDING_WAIT;
 479                 return;
 480         }
 481         if (data->num_chal < 2) {
 482                 wpa_printf(MSG_INFO, "EAP-SIM: Failed to get GSM "
 483                            "authentication triplets for the peer");
 484                 eap_sim_state(data, FAILURE);
 485                 return;
 486         }
 487
 488         identity_len = sm->identity_len;
 489         while (identity_len > 0 && sm->identity[identity_len - 1] == '\0') {
 490                 wpa_printf(MSG_DEBUG, "EAP-SIM: Workaround - drop last null "
 491                            "character from identity");
 492                 identity_len--;
 493         }
 494         wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity for MK derivation",
 495                           sm->identity, identity_len);
 496
 497         os_memcpy(data->nonce_mt, attr->nonce_mt, EAP_SIM_NONCE_MT_LEN);
 498         WPA_PUT_BE16(ver_list, EAP_SIM_VERSION);
 499         eap_sim_derive_mk(sm->identity, identity_len, attr->nonce_mt,
 500                           attr->selected_version, ver_list, sizeof(ver_list),
 501                           data->num_chal, (const u8 *) data->kc, data->mk);
 502         eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
 503                             data->emsk);
 504
 505         eap_sim_state(data, CHALLENGE);
 506 }
 507
 508
 509 static void eap_sim_process_challenge(struct eap_sm *sm,
 510                                       struct eap_sim_data *data,
 511                                       struct wpabuf *respData,
 512                                       struct eap_sim_attrs *attr)
 513 {
 514         const u8 *identity;
 515         size_t identity_len;
 516
 517         if (attr->mac == NULL ||
 518             eap_sim_verify_mac(data->k_aut, respData, attr->mac,
 519                                (u8 *) data->sres,
 520                                data->num_chal * EAP_SIM_SRES_LEN)) {
 521                 wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
 522                            "did not include valid AT_MAC");
 523                 eap_sim_state(data, FAILURE);
 524                 return;
 525         }
 526
 527         wpa_printf(MSG_DEBUG, "EAP-SIM: Challenge response includes the "
 528                    "correct AT_MAC");
 529         if (sm->eap_sim_aka_result_ind && attr->result_ind) {
 530                 data->use_result_ind = 1;
 531                 data->notification = EAP_SIM_SUCCESS;
 532                 eap_sim_state(data, NOTIFICATION);
 533         } else
 534                 eap_sim_state(data, SUCCESS);
 535
 536         identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, sm->identity,
 537                                             sm->identity_len, &identity_len);
 538         if (identity == NULL) {
 539                 identity = sm->identity;
 540                 identity_len = sm->identity_len;
 541         }
 542
 543         if (data->next_pseudonym) {
 544                 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
 545                                          identity_len,
 546                                          data->next_pseudonym);
 547                 data->next_pseudonym = NULL;
 548         }
 549         if (data->next_reauth_id) {
 550                 eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
 551                                       identity_len,
 552                                       data->next_reauth_id, data->counter + 1,
 553                                       data->mk);
 554                 data->next_reauth_id = NULL;
 555         }
 556 }
 557
 558
 559 static void eap_sim_process_reauth(struct eap_sm *sm,
 560                                    struct eap_sim_data *data,
 561                                    struct wpabuf *respData,
 562                                    struct eap_sim_attrs *attr)
 563 {
 564         struct eap_sim_attrs eattr;
 565         u8 *decrypted = NULL;
 566         const u8 *identity, *id2;
 567         size_t identity_len, id2_len;
 568
 569         if (attr->mac == NULL ||
 570             eap_sim_verify_mac(data->k_aut, respData, attr->mac, data->nonce_s,
 571                                EAP_SIM_NONCE_S_LEN)) {
 572                 wpa_printf(MSG_WARNING, "EAP-SIM: Re-authentication message "
 573                            "did not include valid AT_MAC");
 574                 goto fail;
 575         }
 576
 577         if (attr->encr_data == NULL || attr->iv == NULL) {
 578                 wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
 579                            "message did not include encrypted data");
 580                 goto fail;
 581         }
 582
 583         decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
 584                                        attr->encr_data_len, attr->iv, &eattr,
 585                                        0);
 586         if (decrypted == NULL) {
 587                 wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
 588                            "data from reauthentication message");
 589                 goto fail;
 590         }
 591
 592         if (eattr.counter != data->counter) {
 593                 wpa_printf(MSG_WARNING, "EAP-SIM: Re-authentication message "
 594                            "used incorrect counter %u, expected %u",
 595                            eattr.counter, data->counter);
 596                 goto fail;
 597         }
 598         os_free(decrypted);
 599         decrypted = NULL;
 600
 601         wpa_printf(MSG_DEBUG, "EAP-SIM: Re-authentication response includes "
 602                    "the correct AT_MAC");
 603         if (sm->eap_sim_aka_result_ind && attr->result_ind) {
 604                 data->use_result_ind = 1;
 605                 data->notification = EAP_SIM_SUCCESS;
 606                 eap_sim_state(data, NOTIFICATION);
 607         } else
 608                 eap_sim_state(data, SUCCESS);
 609
 610         if (data->reauth) {
 611                 identity = data->reauth->identity;
 612                 identity_len = data->reauth->identity_len;
 613         } else {
 614                 identity = sm->identity;
 615                 identity_len = sm->identity_len;
 616         }
 617
 618         id2 = eap_sim_db_get_permanent(sm->eap_sim_db_priv, identity,
 619                                        identity_len, &id2_len);
 620         if (id2) {
 621                 identity = id2;
 622                 identity_len = id2_len;
 623         }
 624
 625         if (data->next_pseudonym) {
 626                 eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
 627                                          identity_len, data->next_pseudonym);
 628                 data->next_pseudonym = NULL;
 629         }
 630         if (data->next_reauth_id) {
 631                 eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
 632                                       identity_len, data->next_reauth_id,
 633                                       data->counter + 1, data->mk);
 634                 data->next_reauth_id = NULL;
 635         } else {
 636                 eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
 637                 data->reauth = NULL;
 638         }
 639
 640         return;
 641
 642 fail:
 643         eap_sim_state(data, FAILURE);
 644         eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
 645         data->reauth = NULL;
 646         os_free(decrypted);
 647 }
 648
 649
 650 static void eap_sim_process_client_error(struct eap_sm *sm,
 651                                          struct eap_sim_data *data,
 652                                          struct wpabuf *respData,
 653                                          struct eap_sim_attrs *attr)
 654 {
 655         wpa_printf(MSG_DEBUG, "EAP-SIM: Client reported error %d",
 656                    attr->client_error_code);
 657         if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
 658                 eap_sim_state(data, SUCCESS);
 659         else
 660                 eap_sim_state(data, FAILURE);
 661 }
 662
 663
 664 static void eap_sim_process_notification(struct eap_sm *sm,
 665                                          struct eap_sim_data *data,
 666                                          struct wpabuf *respData,
 667                                          struct eap_sim_attrs *attr)
 668 {
 669         wpa_printf(MSG_DEBUG, "EAP-SIM: Client replied to notification");
 670         if (data->notification == EAP_SIM_SUCCESS && data->use_result_ind)
 671                 eap_sim_state(data, SUCCESS);
 672         else
 673                 eap_sim_state(data, FAILURE);
 674 }
 675
 676
 677 static void eap_sim_process(struct eap_sm *sm, void *priv,
 678                             struct wpabuf *respData)
 679 {
 680         struct eap_sim_data *data = priv;
 681         const u8 *pos, *end;
 682         u8 subtype;
 683         size_t len;
 684         struct eap_sim_attrs attr;
 685
 686         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, respData, &len);
 687         if (pos == NULL || len < 3)
 688                 return;
 689
 690         end = pos + len;
 691         subtype = *pos;
 692         pos += 3;
 693
 694         if (eap_sim_parse_attr(pos, end, &attr, 0, 0)) {
 695                 wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to parse attributes");
 696                 eap_sim_state(data, FAILURE);
 697                 return;
 698         }
 699
 700         if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR) {
 701                 eap_sim_process_client_error(sm, data, respData, &attr);
 702                 return;
 703         }
 704
 705         switch (data->state) {
 706         case START:
 707                 eap_sim_process_start(sm, data, respData, &attr);
 708                 break;
 709         case CHALLENGE:
 710                 eap_sim_process_challenge(sm, data, respData, &attr);
 711                 break;
 712         case REAUTH:
 713                 eap_sim_process_reauth(sm, data, respData, &attr);
 714                 break;
 715         case NOTIFICATION:
 716                 eap_sim_process_notification(sm, data, respData, &attr);
 717                 break;
 718         default:
 719                 wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown state %d in "
 720                            "process", data->state);
 721                 break;
 722         }
 723 }
 724
 725
 726 static Boolean eap_sim_isDone(struct eap_sm *sm, void *priv)
 727 {
 728         struct eap_sim_data *data = priv;
 729         return data->state == SUCCESS || data->state == FAILURE;
 730 }
 731
 732
 733 static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len)
 734 {
 735         struct eap_sim_data *data = priv;
 736         u8 *key;
 737
 738         if (data->state != SUCCESS)
 739                 return NULL;
 740
 741         key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
 742         if (key == NULL)
 743                 return NULL;
 744         os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
 745         *len = EAP_SIM_KEYING_DATA_LEN;
 746         return key;
 747 }
 748
 749
 750 static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 751 {
 752         struct eap_sim_data *data = priv;
 753         u8 *key;
 754
 755         if (data->state != SUCCESS)
 756                 return NULL;
 757
 758         key = os_malloc(EAP_EMSK_LEN);
 759         if (key == NULL)
 760                 return NULL;
 761         os_memcpy(key, data->emsk, EAP_EMSK_LEN);
 762         *len = EAP_EMSK_LEN;
 763         return key;
 764 }
 765
 766
 767 static Boolean eap_sim_isSuccess(struct eap_sm *sm, void *priv)
 768 {
 769         struct eap_sim_data *data = priv;
 770         return data->state == SUCCESS;
 771 }
 772
 773
 774 int eap_server_sim_register(void)
 775 {
 776         struct eap_method *eap;
 777         int ret;
 778
 779         eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
 780                                       EAP_VENDOR_IETF, EAP_TYPE_SIM, "SIM");
 781         if (eap == NULL)
 782                 return -1;
 783
 784         eap->init = eap_sim_init;
 785         eap->reset = eap_sim_reset;
 786         eap->buildReq = eap_sim_buildReq;
 787         eap->check = eap_sim_check;
 788         eap->process = eap_sim_process;
 789         eap->isDone = eap_sim_isDone;
 790         eap->getKey = eap_sim_getKey;
 791         eap->isSuccess = eap_sim_isSuccess;
 792         eap->get_emsk = eap_sim_get_emsk;
 793
 794         ret = eap_server_method_register(eap);
 795         if (ret)
 796                 eap_server_method_free(eap);
 797         return ret;
 798 }