432 lines
10 KiB
C

/*
* hostapd / EAP-SIM (draft-haverinen-pppext-eap-sim-15.txt)
* Copyright (c) 2005, Jouni Malinen <jkmaline@cc.hut.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include "hostapd.h"
#include "common.h"
#include "sha1.h"
#include "eap_i.h"
#include "eap_sim_common.h"
#include "eap_sim_db.h"
#define EAP_SIM_VERSION 1
/* EAP-SIM Subtypes */
#define EAP_SIM_SUBTYPE_START 10
#define EAP_SIM_SUBTYPE_CHALLENGE 11
#define EAP_SIM_SUBTYPE_NOTIFICATION 12
#define EAP_SIM_SUBTYPE_REAUTHENTICATION 13
#define EAP_SIM_SUBTYPE_CLIENT_ERROR 14
/* AT_CLIENT_ERROR_CODE error codes */
#define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0
#define EAP_SIM_UNSUPPORTED_VERSION 1
#define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2
#define EAP_SIM_RAND_NOT_FRESH 3
#define KC_LEN 8
#define SRES_LEN 4
#define EAP_SIM_MAX_FAST_REAUTHS 1000
#define EAP_SIM_MAX_CHAL 3
struct eap_sim_data {
u8 mk[EAP_SIM_MK_LEN];
u8 nonce_mt[EAP_SIM_NONCE_MT_LEN];
u8 k_aut[EAP_SIM_K_AUT_LEN];
u8 k_encr[EAP_SIM_K_ENCR_LEN];
u8 msk[EAP_SIM_KEYING_DATA_LEN];
u8 kc[EAP_SIM_MAX_CHAL][KC_LEN];
u8 sres[EAP_SIM_MAX_CHAL][SRES_LEN];
u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN];
int num_chal;
enum { START, CHALLENGE, SUCCESS, FAILURE } state;
};
static const char * eap_sim_state_txt(int state)
{
switch (state) {
case START:
return "START";
case CHALLENGE:
return "CHALLENGE";
case SUCCESS:
return "SUCCESS";
case FAILURE:
return "FAILURE";
default:
return "Unknown?!";
}
}
static void eap_sim_state(struct eap_sim_data *data, int state)
{
wpa_printf(MSG_DEBUG, "EAP-SIM %s -> %s",
eap_sim_state_txt(data->state),
eap_sim_state_txt(state));
data->state = state;
}
static void * eap_sim_init(struct eap_sm *sm)
{
struct eap_sim_data *data;
if (sm->eap_sim_db_priv == NULL) {
wpa_printf(MSG_WARNING, "EAP-SIM: eap_sim_db not configured");
return NULL;
}
data = malloc(sizeof(*data));
if (data == NULL)
return data;
memset(data, 0, sizeof(*data));
data->state = START;
return data;
}
static void eap_sim_reset(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
free(data);
}
static u8 * eap_sim_build_start(struct eap_sm *sm, struct eap_sim_data *data,
int id, size_t *reqDataLen)
{
struct eap_sim_msg *msg;
u8 ver[2];
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
EAP_SIM_SUBTYPE_START);
if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity,
sm->identity_len)) {
eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0);
}
ver[0] = 0;
ver[1] = EAP_SIM_VERSION;
eap_sim_msg_add(msg, EAP_SIM_AT_VERSION_LIST, sizeof(ver),
ver, sizeof(ver));
return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0);
}
static u8 * eap_sim_build_challenge(struct eap_sm *sm,
struct eap_sim_data *data,
int id, size_t *reqDataLen)
{
struct eap_sim_msg *msg;
msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM,
EAP_SIM_SUBTYPE_CHALLENGE);
eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, (u8 *) data->rand,
data->num_chal * GSM_RAND_LEN);
eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
return eap_sim_msg_finish(msg, reqDataLen, data->k_aut, data->nonce_mt,
EAP_SIM_NONCE_MT_LEN);
}
static u8 * eap_sim_buildReq(struct eap_sm *sm, void *priv, int id,
size_t *reqDataLen)
{
struct eap_sim_data *data = priv;
switch (data->state) {
case START:
return eap_sim_build_start(sm, data, id, reqDataLen);
case CHALLENGE:
return eap_sim_build_challenge(sm, data, id, reqDataLen);
default:
wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown state %d in "
"buildReq", data->state);
break;
}
return NULL;
}
static Boolean eap_sim_check(struct eap_sm *sm, void *priv,
u8 *respData, size_t respDataLen)
{
struct eap_sim_data *data = priv;
struct eap_hdr *resp;
u8 *pos, subtype;
size_t len;
resp = (struct eap_hdr *) respData;
pos = (u8 *) (resp + 1);
if (respDataLen < sizeof(*resp) + 4 || *pos != EAP_TYPE_SIM ||
(len = ntohs(resp->length)) > respDataLen) {
wpa_printf(MSG_INFO, "EAP-SIM: Invalid frame");
return TRUE;
}
subtype = pos[1];
if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR)
return FALSE;
switch (data->state) {
case START:
if (subtype != EAP_SIM_SUBTYPE_START) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
return TRUE;
}
break;
case CHALLENGE:
if (subtype != EAP_SIM_SUBTYPE_CHALLENGE) {
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response "
"subtype %d", subtype);
return TRUE;
}
break;
default:
wpa_printf(MSG_INFO, "EAP-SIM: Unexpected state (%d) for "
"processing a response", data->state);
return TRUE;
}
return FALSE;
}
static int eap_sim_supported_ver(struct eap_sim_data *data, int version)
{
return version == EAP_SIM_VERSION;
}
static void eap_sim_derive_mk(struct eap_sim_data *data,
const u8 *identity, size_t identity_len,
const u8 *nonce_mt, int selected_version,
int num_chal, const u8 *kc)
{
u8 sel_ver[2], ver_list[2];
const unsigned char *addr[5];
size_t len[5];
addr[0] = identity;
addr[1] = kc;
addr[2] = nonce_mt;
addr[3] = ver_list;
addr[4] = sel_ver;
len[0] = identity_len;
len[1] = num_chal * KC_LEN;
len[2] = EAP_SIM_NONCE_MT_LEN;
len[3] = sizeof(ver_list);
len[4] = sizeof(sel_ver);
ver_list[0] = 0;
ver_list[1] = EAP_SIM_VERSION;
sel_ver[0] = selected_version >> 8;
sel_ver[1] = selected_version & 0xff;
/* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
sha1_vector(5, addr, len, data->mk);
wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", data->mk, EAP_SIM_MK_LEN);
}
static void eap_sim_process_start(struct eap_sm *sm,
struct eap_sim_data *data,
u8 *respData, size_t respDataLen,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-SIM: Receive start response");
if (attr->nonce_mt == NULL || attr->selected_version < 0) {
wpa_printf(MSG_DEBUG, "EAP-SIM: Start/Response missing "
"required attributes");
eap_sim_state(data, FAILURE);
return;
}
if (!eap_sim_supported_ver(data, attr->selected_version)) {
wpa_printf(MSG_DEBUG, "EAP-SIM: Peer selected unsupported "
"version %d", attr->selected_version);
eap_sim_state(data, FAILURE);
return;
}
if (attr->identity) {
free(sm->identity);
sm->identity = malloc(attr->identity_len);
if (sm->identity) {
memcpy(sm->identity, attr->identity,
attr->identity_len);
sm->identity_len = attr->identity_len;
}
}
if (sm->identity == NULL || sm->identity_len < 1 ||
sm->identity[0] != '1') {
wpa_printf(MSG_DEBUG, "EAP-SIM: Could not get proper permanent"
" user name");
eap_sim_state(data, FAILURE);
return;
}
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity",
sm->identity, sm->identity_len);
data->num_chal = eap_sim_db_get_gsm_triplets(
sm->eap_sim_db_priv, sm->identity, sm->identity_len,
EAP_SIM_MAX_CHAL,
(u8 *) data->rand, (u8 *) data->kc, (u8 *) data->sres);
if (data->num_chal < 2) {
wpa_printf(MSG_INFO, "EAP-SIM: Failed to get GSM "
"authentication triplets for the peer");
eap_sim_state(data, FAILURE);
return;
}
memcpy(data->nonce_mt, attr->nonce_mt, EAP_SIM_NONCE_MT_LEN);
eap_sim_derive_mk(data, sm->identity, sm->identity_len, attr->nonce_mt,
attr->selected_version, data->num_chal,
(u8 *) data->kc);
eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk);
eap_sim_state(data, CHALLENGE);
}
static void eap_sim_process_challenge(struct eap_sm *sm,
struct eap_sim_data *data,
u8 *respData, size_t respDataLen,
struct eap_sim_attrs *attr)
{
if (attr->mac == NULL ||
eap_sim_verify_mac(data->k_aut, respData, respDataLen, attr->mac,
(u8 *) data->sres, data->num_chal * SRES_LEN)) {
wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
"did not include valid AT_MAC");
eap_sim_state(data, FAILURE);
return;
}
wpa_printf(MSG_DEBUG, "EAP-SIM: Challenge response includes the "
"correct AT_MAC");
eap_sim_state(data, SUCCESS);
}
static void eap_sim_process_client_error(struct eap_sm *sm,
struct eap_sim_data *data,
u8 *respData, size_t respDataLen,
struct eap_sim_attrs *attr)
{
wpa_printf(MSG_DEBUG, "EAP-SIM: Client reported error %d",
attr->client_error_code);
eap_sim_state(data, FAILURE);
}
static void eap_sim_process(struct eap_sm *sm, void *priv,
u8 *respData, size_t respDataLen)
{
struct eap_sim_data *data = priv;
struct eap_hdr *resp;
u8 *pos, subtype;
size_t len;
struct eap_sim_attrs attr;
resp = (struct eap_hdr *) respData;
pos = (u8 *) (resp + 1);
subtype = pos[1];
len = ntohs(resp->length);
pos += 4;
if (eap_sim_parse_attr(pos, respData + len, &attr, 0, 0)) {
wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to parse attributes");
eap_sim_state(data, FAILURE);
return;
}
if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR) {
eap_sim_process_client_error(sm, data, respData, len, &attr);
return;
}
switch (data->state) {
case START:
eap_sim_process_start(sm, data, respData, len, &attr);
break;
case CHALLENGE:
eap_sim_process_challenge(sm, data, respData, len, &attr);
break;
default:
wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown state %d in "
"process", data->state);
break;
}
}
static Boolean eap_sim_isDone(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
return data->state == SUCCESS || data->state == FAILURE;
}
static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len)
{
struct eap_sim_data *data = priv;
u8 *key;
if (data->state != SUCCESS)
return NULL;
key = malloc(EAP_SIM_KEYING_DATA_LEN);
if (key == NULL)
return NULL;
memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
*len = EAP_SIM_KEYING_DATA_LEN;
return key;
}
static Boolean eap_sim_isSuccess(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
return data->state == SUCCESS;
}
const struct eap_method eap_method_sim =
{
.method = EAP_TYPE_SIM,
.name = "SIM",
.init = eap_sim_init,
.reset = eap_sim_reset,
.buildReq = eap_sim_buildReq,
.check = eap_sim_check,
.process = eap_sim_process,
.isDone = eap_sim_isDone,
.getKey = eap_sim_getKey,
.isSuccess = eap_sim_isSuccess,
};