2 * EAP peer/server: EAP-SIM/AKA shared routines
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
18 #include "eap_common/eap_defs.h"
23 #include "eap_common/eap_sim_common.h"
26 static int eap_sim_prf(const u8
*key
, u8
*x
, size_t xlen
)
28 return fips186_2_prf(key
, EAP_SIM_MK_LEN
, x
, xlen
);
32 void eap_sim_derive_mk(const u8
*identity
, size_t identity_len
,
33 const u8
*nonce_mt
, u16 selected_version
,
34 const u8
*ver_list
, size_t ver_list_len
,
35 int num_chal
, const u8
*kc
, u8
*mk
)
38 const unsigned char *addr
[5];
42 len
[0] = identity_len
;
44 len
[1] = num_chal
* EAP_SIM_KC_LEN
;
46 len
[2] = EAP_SIM_NONCE_MT_LEN
;
48 len
[3] = ver_list_len
;
52 WPA_PUT_BE16(sel_ver
, selected_version
);
54 /* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
55 sha1_vector(5, addr
, len
, mk
);
56 wpa_hexdump_key(MSG_DEBUG
, "EAP-SIM: MK", mk
, EAP_SIM_MK_LEN
);
60 void eap_aka_derive_mk(const u8
*identity
, size_t identity_len
,
61 const u8
*ik
, const u8
*ck
, u8
*mk
)
67 len
[0] = identity_len
;
69 len
[1] = EAP_AKA_IK_LEN
;
71 len
[2] = EAP_AKA_CK_LEN
;
73 /* MK = SHA1(Identity|IK|CK) */
74 sha1_vector(3, addr
, len
, mk
);
75 wpa_hexdump_key(MSG_DEBUG
, "EAP-AKA: IK", ik
, EAP_AKA_IK_LEN
);
76 wpa_hexdump_key(MSG_DEBUG
, "EAP-AKA: CK", ck
, EAP_AKA_CK_LEN
);
77 wpa_hexdump_key(MSG_DEBUG
, "EAP-AKA: MK", mk
, EAP_SIM_MK_LEN
);
81 int eap_sim_derive_keys(const u8
*mk
, u8
*k_encr
, u8
*k_aut
, u8
*msk
, u8
*emsk
)
83 u8 buf
[EAP_SIM_K_ENCR_LEN
+ EAP_SIM_K_AUT_LEN
+
84 EAP_SIM_KEYING_DATA_LEN
+ EAP_EMSK_LEN
], *pos
;
85 if (eap_sim_prf(mk
, buf
, sizeof(buf
)) < 0) {
86 wpa_printf(MSG_ERROR
, "EAP-SIM: Failed to derive keys");
90 os_memcpy(k_encr
, pos
, EAP_SIM_K_ENCR_LEN
);
91 pos
+= EAP_SIM_K_ENCR_LEN
;
92 os_memcpy(k_aut
, pos
, EAP_SIM_K_AUT_LEN
);
93 pos
+= EAP_SIM_K_AUT_LEN
;
94 os_memcpy(msk
, pos
, EAP_SIM_KEYING_DATA_LEN
);
95 pos
+= EAP_SIM_KEYING_DATA_LEN
;
96 os_memcpy(emsk
, pos
, EAP_EMSK_LEN
);
98 wpa_hexdump_key(MSG_DEBUG
, "EAP-SIM: K_encr",
99 k_encr
, EAP_SIM_K_ENCR_LEN
);
100 wpa_hexdump_key(MSG_DEBUG
, "EAP-SIM: K_aut",
101 k_aut
, EAP_SIM_K_AUT_LEN
);
102 wpa_hexdump_key(MSG_DEBUG
, "EAP-SIM: keying material (MSK)",
103 msk
, EAP_SIM_KEYING_DATA_LEN
);
104 wpa_hexdump_key(MSG_DEBUG
, "EAP-SIM: EMSK", emsk
, EAP_EMSK_LEN
);
105 os_memset(buf
, 0, sizeof(buf
));
111 int eap_sim_derive_keys_reauth(u16 _counter
,
112 const u8
*identity
, size_t identity_len
,
113 const u8
*nonce_s
, const u8
*mk
, u8
*msk
,
116 u8 xkey
[SHA1_MAC_LEN
];
117 u8 buf
[EAP_SIM_KEYING_DATA_LEN
+ EAP_EMSK_LEN
+ 32];
122 while (identity_len
> 0 && identity
[identity_len
- 1] == 0) {
123 wpa_printf(MSG_DEBUG
, "EAP-SIM: Workaround - drop null "
124 "character from the end of identity");
128 len
[0] = identity_len
;
132 len
[2] = EAP_SIM_NONCE_S_LEN
;
134 len
[3] = EAP_SIM_MK_LEN
;
136 WPA_PUT_BE16(counter
, _counter
);
138 wpa_printf(MSG_DEBUG
, "EAP-SIM: Deriving keying data from reauth");
139 wpa_hexdump_ascii(MSG_DEBUG
, "EAP-SIM: Identity",
140 identity
, identity_len
);
141 wpa_hexdump(MSG_DEBUG
, "EAP-SIM: counter", counter
, 2);
142 wpa_hexdump(MSG_DEBUG
, "EAP-SIM: NONCE_S", nonce_s
,
143 EAP_SIM_NONCE_S_LEN
);
144 wpa_hexdump_key(MSG_DEBUG
, "EAP-SIM: MK", mk
, EAP_SIM_MK_LEN
);
146 /* XKEY' = SHA1(Identity|counter|NONCE_S|MK) */
147 sha1_vector(4, addr
, len
, xkey
);
148 wpa_hexdump(MSG_DEBUG
, "EAP-SIM: XKEY'", xkey
, SHA1_MAC_LEN
);
150 if (eap_sim_prf(xkey
, buf
, sizeof(buf
)) < 0) {
151 wpa_printf(MSG_ERROR
, "EAP-SIM: Failed to derive keys");
155 os_memcpy(msk
, buf
, EAP_SIM_KEYING_DATA_LEN
);
156 wpa_hexdump(MSG_DEBUG
, "EAP-SIM: keying material (MSK)",
157 msk
, EAP_SIM_KEYING_DATA_LEN
);
160 os_memcpy(emsk
, buf
+ EAP_SIM_KEYING_DATA_LEN
, EAP_EMSK_LEN
);
161 wpa_hexdump(MSG_DEBUG
, "EAP-SIM: EMSK", emsk
, EAP_EMSK_LEN
);
163 os_memset(buf
, 0, sizeof(buf
));
169 int eap_sim_verify_mac(const u8
*k_aut
, const struct wpabuf
*req
,
170 const u8
*mac
, const u8
*extra
, size_t extra_len
)
172 unsigned char hmac
[SHA1_MAC_LEN
];
177 if (mac
== NULL
|| wpabuf_len(req
) < EAP_SIM_MAC_LEN
||
178 mac
< wpabuf_head_u8(req
) ||
179 mac
> wpabuf_head_u8(req
) + wpabuf_len(req
) - EAP_SIM_MAC_LEN
)
182 tmp
= os_malloc(wpabuf_len(req
));
187 len
[0] = wpabuf_len(req
);
192 os_memcpy(tmp
, wpabuf_head(req
), wpabuf_len(req
));
193 os_memset(tmp
+ (mac
- wpabuf_head_u8(req
)), 0, EAP_SIM_MAC_LEN
);
194 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Verify MAC - msg",
195 tmp
, wpabuf_len(req
));
196 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Verify MAC - extra data",
198 wpa_hexdump_key(MSG_MSGDUMP
, "EAP-SIM: Verify MAC - K_aut",
199 k_aut
, EAP_SIM_K_AUT_LEN
);
200 hmac_sha1_vector(k_aut
, EAP_SIM_K_AUT_LEN
, 2, addr
, len
, hmac
);
201 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Verify MAC: MAC",
202 hmac
, EAP_SIM_MAC_LEN
);
205 return (os_memcmp(hmac
, mac
, EAP_SIM_MAC_LEN
) == 0) ? 0 : 1;
209 void eap_sim_add_mac(const u8
*k_aut
, const u8
*msg
, size_t msg_len
, u8
*mac
,
210 const u8
*extra
, size_t extra_len
)
212 unsigned char hmac
[SHA1_MAC_LEN
];
222 os_memset(mac
, 0, EAP_SIM_MAC_LEN
);
223 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Add MAC - msg", msg
, msg_len
);
224 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Add MAC - extra data",
226 wpa_hexdump_key(MSG_MSGDUMP
, "EAP-SIM: Add MAC - K_aut",
227 k_aut
, EAP_SIM_K_AUT_LEN
);
228 hmac_sha1_vector(k_aut
, EAP_SIM_K_AUT_LEN
, 2, addr
, len
, hmac
);
229 os_memcpy(mac
, hmac
, EAP_SIM_MAC_LEN
);
230 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Add MAC: MAC",
231 mac
, EAP_SIM_MAC_LEN
);
235 int eap_sim_parse_attr(const u8
*start
, const u8
*end
,
236 struct eap_sim_attrs
*attr
, int aka
, int encr
)
238 const u8
*pos
= start
, *apos
;
239 size_t alen
, plen
, i
, list_len
;
241 os_memset(attr
, 0, sizeof(*attr
));
242 attr
->id_req
= NO_ID_REQ
;
243 attr
->notification
= -1;
245 attr
->selected_version
= -1;
246 attr
->client_error_code
= -1;
250 wpa_printf(MSG_INFO
, "EAP-SIM: Attribute overflow(1)");
253 wpa_printf(MSG_MSGDUMP
, "EAP-SIM: Attribute: Type=%d Len=%d",
255 if (pos
+ pos
[1] * 4 > end
) {
256 wpa_printf(MSG_INFO
, "EAP-SIM: Attribute overflow "
257 "(pos=%p len=%d end=%p)",
258 pos
, pos
[1] * 4, end
);
262 wpa_printf(MSG_INFO
, "EAP-SIM: Attribute underflow");
266 alen
= pos
[1] * 4 - 2;
267 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Attribute data",
271 case EAP_SIM_AT_RAND
:
272 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_RAND");
275 if ((!aka
&& (alen
% GSM_RAND_LEN
)) ||
276 (aka
&& alen
!= EAP_AKA_RAND_LEN
)) {
277 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid AT_RAND"
279 (unsigned long) alen
);
283 attr
->num_chal
= alen
/ GSM_RAND_LEN
;
285 case EAP_SIM_AT_AUTN
:
286 wpa_printf(MSG_DEBUG
, "EAP-AKA: AT_AUTN");
288 wpa_printf(MSG_DEBUG
, "EAP-SIM: "
289 "Unexpected AT_AUTN");
294 if (alen
!= EAP_AKA_AUTN_LEN
) {
295 wpa_printf(MSG_INFO
, "EAP-AKA: Invalid AT_AUTN"
297 (unsigned long) alen
);
302 case EAP_SIM_AT_PADDING
:
304 wpa_printf(MSG_ERROR
, "EAP-SIM: Unencrypted "
308 wpa_printf(MSG_DEBUG
, "EAP-SIM: (encr) AT_PADDING");
309 for (i
= 2; i
< alen
; i
++) {
311 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) "
312 "AT_PADDING used a non-zero"
314 wpa_hexdump(MSG_DEBUG
, "EAP-SIM: "
315 "(encr) padding bytes",
321 case EAP_SIM_AT_NONCE_MT
:
322 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_NONCE_MT");
323 if (alen
!= 2 + EAP_SIM_NONCE_MT_LEN
) {
324 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid "
325 "AT_NONCE_MT length");
328 attr
->nonce_mt
= apos
+ 2;
330 case EAP_SIM_AT_PERMANENT_ID_REQ
:
331 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_PERMANENT_ID_REQ");
332 attr
->id_req
= PERMANENT_ID
;
335 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_MAC");
336 if (alen
!= 2 + EAP_SIM_MAC_LEN
) {
337 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid AT_MAC "
341 attr
->mac
= apos
+ 2;
343 case EAP_SIM_AT_NOTIFICATION
:
345 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid "
346 "AT_NOTIFICATION length %lu",
347 (unsigned long) alen
);
350 attr
->notification
= apos
[0] * 256 + apos
[1];
351 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_NOTIFICATION %d",
354 case EAP_SIM_AT_ANY_ID_REQ
:
355 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_ANY_ID_REQ");
356 attr
->id_req
= ANY_ID
;
358 case EAP_SIM_AT_IDENTITY
:
359 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_IDENTITY");
360 attr
->identity
= apos
+ 2;
361 attr
->identity_len
= alen
- 2;
363 case EAP_SIM_AT_VERSION_LIST
:
365 wpa_printf(MSG_DEBUG
, "EAP-AKA: "
366 "Unexpected AT_VERSION_LIST");
369 list_len
= apos
[0] * 256 + apos
[1];
370 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_VERSION_LIST");
371 if (list_len
< 2 || list_len
> alen
- 2) {
372 wpa_printf(MSG_WARNING
, "EAP-SIM: Invalid "
373 "AT_VERSION_LIST (list_len=%lu "
375 (unsigned long) list_len
,
376 (unsigned long) alen
);
379 attr
->version_list
= apos
+ 2;
380 attr
->version_list_len
= list_len
;
382 case EAP_SIM_AT_SELECTED_VERSION
:
383 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_SELECTED_VERSION");
385 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid "
386 "AT_SELECTED_VERSION length %lu",
387 (unsigned long) alen
);
390 attr
->selected_version
= apos
[0] * 256 + apos
[1];
391 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_SELECTED_VERSION "
392 "%d", attr
->selected_version
);
394 case EAP_SIM_AT_FULLAUTH_ID_REQ
:
395 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_FULLAUTH_ID_REQ");
396 attr
->id_req
= FULLAUTH_ID
;
398 case EAP_SIM_AT_COUNTER
:
400 wpa_printf(MSG_ERROR
, "EAP-SIM: Unencrypted "
405 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) Invalid "
406 "AT_COUNTER (alen=%lu)",
407 (unsigned long) alen
);
410 attr
->counter
= apos
[0] * 256 + apos
[1];
411 wpa_printf(MSG_DEBUG
, "EAP-SIM: (encr) AT_COUNTER %d",
414 case EAP_SIM_AT_COUNTER_TOO_SMALL
:
416 wpa_printf(MSG_ERROR
, "EAP-SIM: Unencrypted "
417 "AT_COUNTER_TOO_SMALL");
421 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) Invalid "
422 "AT_COUNTER_TOO_SMALL (alen=%lu)",
423 (unsigned long) alen
);
426 wpa_printf(MSG_DEBUG
, "EAP-SIM: (encr) "
427 "AT_COUNTER_TOO_SMALL");
428 attr
->counter_too_small
= 1;
430 case EAP_SIM_AT_NONCE_S
:
432 wpa_printf(MSG_ERROR
, "EAP-SIM: Unencrypted "
436 wpa_printf(MSG_DEBUG
, "EAP-SIM: (encr) "
438 if (alen
!= 2 + EAP_SIM_NONCE_S_LEN
) {
439 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) Invalid "
440 "AT_NONCE_S (alen=%lu)",
441 (unsigned long) alen
);
444 attr
->nonce_s
= apos
+ 2;
446 case EAP_SIM_AT_CLIENT_ERROR_CODE
:
448 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid "
449 "AT_CLIENT_ERROR_CODE length %lu",
450 (unsigned long) alen
);
453 attr
->client_error_code
= apos
[0] * 256 + apos
[1];
454 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_CLIENT_ERROR_CODE "
455 "%d", attr
->client_error_code
);
458 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_IV");
459 if (alen
!= 2 + EAP_SIM_MAC_LEN
) {
460 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid AT_IV "
461 "length %lu", (unsigned long) alen
);
466 case EAP_SIM_AT_ENCR_DATA
:
467 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_ENCR_DATA");
468 attr
->encr_data
= apos
+ 2;
469 attr
->encr_data_len
= alen
- 2;
470 if (attr
->encr_data_len
% 16) {
471 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid "
472 "AT_ENCR_DATA length %lu",
474 attr
->encr_data_len
);
478 case EAP_SIM_AT_NEXT_PSEUDONYM
:
480 wpa_printf(MSG_ERROR
, "EAP-SIM: Unencrypted "
481 "AT_NEXT_PSEUDONYM");
484 wpa_printf(MSG_DEBUG
, "EAP-SIM: (encr) "
485 "AT_NEXT_PSEUDONYM");
486 plen
= apos
[0] * 256 + apos
[1];
487 if (plen
> alen
- 2) {
488 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) Invalid"
489 " AT_NEXT_PSEUDONYM (actual"
490 " len %lu, attr len %lu)",
491 (unsigned long) plen
,
492 (unsigned long) alen
);
495 attr
->next_pseudonym
= pos
+ 4;
496 attr
->next_pseudonym_len
= plen
;
498 case EAP_SIM_AT_NEXT_REAUTH_ID
:
500 wpa_printf(MSG_ERROR
, "EAP-SIM: Unencrypted "
501 "AT_NEXT_REAUTH_ID");
504 wpa_printf(MSG_DEBUG
, "EAP-SIM: (encr) "
505 "AT_NEXT_REAUTH_ID");
506 plen
= apos
[0] * 256 + apos
[1];
507 if (plen
> alen
- 2) {
508 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) Invalid"
509 " AT_NEXT_REAUTH_ID (actual"
510 " len %lu, attr len %lu)",
511 (unsigned long) plen
,
512 (unsigned long) alen
);
515 attr
->next_reauth_id
= pos
+ 4;
516 attr
->next_reauth_id_len
= plen
;
519 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_RES");
522 if (!aka
|| alen
< EAP_AKA_MIN_RES_LEN
||
523 alen
> EAP_AKA_MAX_RES_LEN
) {
524 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid AT_RES "
526 (unsigned long) alen
);
530 attr
->res_len
= alen
;
532 case EAP_SIM_AT_AUTS
:
533 wpa_printf(MSG_DEBUG
, "EAP-AKA: AT_AUTS");
535 wpa_printf(MSG_DEBUG
, "EAP-SIM: "
536 "Unexpected AT_AUTS");
539 if (alen
!= EAP_AKA_AUTS_LEN
) {
540 wpa_printf(MSG_INFO
, "EAP-AKA: Invalid AT_AUTS"
542 (unsigned long) alen
);
547 case EAP_SIM_AT_CHECKCODE
:
548 wpa_printf(MSG_DEBUG
, "EAP-AKA: AT_CHECKCODE");
550 wpa_printf(MSG_DEBUG
, "EAP-SIM: "
551 "Unexpected AT_CHECKCODE");
556 if (alen
!= 0 && alen
!= EAP_AKA_CHECKCODE_LEN
) {
557 wpa_printf(MSG_INFO
, "EAP-AKA: Invalid "
558 "AT_CHECKCODE (len %lu)",
559 (unsigned long) alen
);
562 attr
->checkcode
= apos
;
563 attr
->checkcode_len
= alen
;
565 case EAP_SIM_AT_RESULT_IND
:
567 wpa_printf(MSG_ERROR
, "EAP-SIM: Encrypted "
572 wpa_printf(MSG_INFO
, "EAP-SIM: Invalid "
573 "AT_RESULT_IND (alen=%lu)",
574 (unsigned long) alen
);
577 wpa_printf(MSG_DEBUG
, "EAP-SIM: AT_RESULT_IND");
578 attr
->result_ind
= 1;
582 wpa_printf(MSG_INFO
, "EAP-SIM: Unrecognized "
583 "non-skippable attribute %d",
588 wpa_printf(MSG_DEBUG
, "EAP-SIM: Unrecognized skippable"
589 " attribute %d ignored", pos
[0]);
596 wpa_printf(MSG_DEBUG
, "EAP-SIM: Attributes parsed successfully "
597 "(aka=%d encr=%d)", aka
, encr
);
603 u8
* eap_sim_parse_encr(const u8
*k_encr
, const u8
*encr_data
,
604 size_t encr_data_len
, const u8
*iv
,
605 struct eap_sim_attrs
*attr
, int aka
)
610 wpa_printf(MSG_INFO
, "EAP-SIM: Encrypted data, but no IV");
614 decrypted
= os_malloc(encr_data_len
);
615 if (decrypted
== NULL
)
617 os_memcpy(decrypted
, encr_data
, encr_data_len
);
619 if (aes_128_cbc_decrypt(k_encr
, iv
, decrypted
, encr_data_len
)) {
623 wpa_hexdump(MSG_MSGDUMP
, "EAP-SIM: Decrypted AT_ENCR_DATA",
624 decrypted
, encr_data_len
);
626 if (eap_sim_parse_attr(decrypted
, decrypted
+ encr_data_len
, attr
,
628 wpa_printf(MSG_INFO
, "EAP-SIM: (encr) Failed to parse "
629 "decrypted AT_ENCR_DATA");
638 #define EAP_SIM_INIT_LEN 128
642 size_t mac
, iv
, encr
; /* index from buf */
646 struct eap_sim_msg
* eap_sim_msg_init(int code
, int id
, int type
, int subtype
)
648 struct eap_sim_msg
*msg
;
652 msg
= os_zalloc(sizeof(*msg
));
656 msg
->buf
= wpabuf_alloc(EAP_SIM_INIT_LEN
);
657 if (msg
->buf
== NULL
) {
661 eap
= wpabuf_put(msg
->buf
, sizeof(*eap
));
663 eap
->identifier
= id
;
665 pos
= wpabuf_put(msg
->buf
, 4);
668 *pos
++ = 0; /* Reserved */
669 *pos
++ = 0; /* Reserved */
675 struct wpabuf
* eap_sim_msg_finish(struct eap_sim_msg
*msg
, const u8
*k_aut
,
676 const u8
*extra
, size_t extra_len
)
684 eap
= wpabuf_mhead(msg
->buf
);
685 eap
->length
= host_to_be16(wpabuf_len(msg
->buf
));
687 if (k_aut
&& msg
->mac
) {
688 eap_sim_add_mac(k_aut
, (u8
*) wpabuf_head(msg
->buf
),
689 wpabuf_len(msg
->buf
),
690 (u8
*) wpabuf_mhead(msg
->buf
) + msg
->mac
,
700 void eap_sim_msg_free(struct eap_sim_msg
*msg
)
703 wpabuf_free(msg
->buf
);
709 u8
* eap_sim_msg_add_full(struct eap_sim_msg
*msg
, u8 attr
,
710 const u8
*data
, size_t len
)
712 int attr_len
= 2 + len
;
719 pad_len
= (4 - attr_len
% 4) % 4;
721 if (wpabuf_resize(&msg
->buf
, attr_len
))
723 start
= wpabuf_put(msg
->buf
, 0);
724 wpabuf_put_u8(msg
->buf
, attr
);
725 wpabuf_put_u8(msg
->buf
, attr_len
/ 4);
726 wpabuf_put_data(msg
->buf
, data
, len
);
728 os_memset(wpabuf_put(msg
->buf
, pad_len
), 0, pad_len
);
733 u8
* eap_sim_msg_add(struct eap_sim_msg
*msg
, u8 attr
, u16 value
,
734 const u8
*data
, size_t len
)
736 int attr_len
= 4 + len
;
743 pad_len
= (4 - attr_len
% 4) % 4;
745 if (wpabuf_resize(&msg
->buf
, attr_len
))
747 start
= wpabuf_put(msg
->buf
, 0);
748 wpabuf_put_u8(msg
->buf
, attr
);
749 wpabuf_put_u8(msg
->buf
, attr_len
/ 4);
750 wpabuf_put_be16(msg
->buf
, value
);
752 wpabuf_put_data(msg
->buf
, data
, len
);
754 wpabuf_put(msg
->buf
, len
);
756 os_memset(wpabuf_put(msg
->buf
, pad_len
), 0, pad_len
);
761 u8
* eap_sim_msg_add_mac(struct eap_sim_msg
*msg
, u8 attr
)
763 u8
*pos
= eap_sim_msg_add(msg
, attr
, 0, NULL
, EAP_SIM_MAC_LEN
);
765 msg
->mac
= (pos
- wpabuf_head_u8(msg
->buf
)) + 4;
770 int eap_sim_msg_add_encr_start(struct eap_sim_msg
*msg
, u8 attr_iv
,
773 u8
*pos
= eap_sim_msg_add(msg
, attr_iv
, 0, NULL
, EAP_SIM_IV_LEN
);
776 msg
->iv
= (pos
- wpabuf_head_u8(msg
->buf
)) + 4;
777 if (os_get_random(wpabuf_mhead_u8(msg
->buf
) + msg
->iv
,
783 pos
= eap_sim_msg_add(msg
, attr_encr
, 0, NULL
, 0);
788 msg
->encr
= pos
- wpabuf_head_u8(msg
->buf
);
794 int eap_sim_msg_add_encr_end(struct eap_sim_msg
*msg
, u8
*k_encr
, int attr_pad
)
798 if (msg
== NULL
|| k_encr
== NULL
|| msg
->iv
== 0 || msg
->encr
== 0)
801 encr_len
= wpabuf_len(msg
->buf
) - msg
->encr
- 4;
804 int pad_len
= 16 - (encr_len
% 16);
806 wpa_printf(MSG_WARNING
, "EAP-SIM: "
807 "eap_sim_msg_add_encr_end - invalid pad_len"
811 wpa_printf(MSG_DEBUG
, " *AT_PADDING");
812 pos
= eap_sim_msg_add(msg
, attr_pad
, 0, NULL
, pad_len
- 4);
815 os_memset(pos
+ 4, 0, pad_len
- 4);
818 wpa_printf(MSG_DEBUG
, " (AT_ENCR_DATA data len %lu)",
819 (unsigned long) encr_len
);
820 wpabuf_mhead_u8(msg
->buf
)[msg
->encr
+ 1] = encr_len
/ 4 + 1;
821 return aes_128_cbc_encrypt(k_encr
, wpabuf_head_u8(msg
->buf
) + msg
->iv
,
822 wpabuf_mhead_u8(msg
->buf
) + msg
->encr
+ 4,
827 void eap_sim_report_notification(void *msg_ctx
, int notification
, int aka
)
829 #ifndef CONFIG_NO_STDOUT_DEBUG
830 const char *type
= aka
? "AKA" : "SIM";
831 #endif /* CONFIG_NO_STDOUT_DEBUG */
833 switch (notification
) {
834 case EAP_SIM_GENERAL_FAILURE_AFTER_AUTH
:
835 wpa_printf(MSG_WARNING
, "EAP-%s: General failure "
836 "notification (after authentication)", type
);
838 case EAP_SIM_TEMPORARILY_DENIED
:
839 wpa_printf(MSG_WARNING
, "EAP-%s: Failure notification: "
840 "User has been temporarily denied access to the "
841 "requested service", type
);
843 case EAP_SIM_NOT_SUBSCRIBED
:
844 wpa_printf(MSG_WARNING
, "EAP-%s: Failure notification: "
845 "User has not subscribed to the requested service",
848 case EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH
:
849 wpa_printf(MSG_WARNING
, "EAP-%s: General failure "
850 "notification (before authentication)", type
);
852 case EAP_SIM_SUCCESS
:
853 wpa_printf(MSG_INFO
, "EAP-%s: Successful authentication "
854 "notification", type
);
857 if (notification
>= 32768) {
858 wpa_printf(MSG_INFO
, "EAP-%s: Unrecognized "
859 "non-failure notification %d",
862 wpa_printf(MSG_WARNING
, "EAP-%s: Unrecognized "
863 "failure notification %d",
