3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00

eap-aka: Updated EAP-AKA to use simauth module

This commit is contained in:
James Prestwood 2017-12-13 13:23:24 -08:00 committed by Denis Kenzior
parent 80aa03edd8
commit 1fa218fc8d

View File

@ -31,14 +31,11 @@
#include "crypto.h" #include "crypto.h"
#include "simutil.h" #include "simutil.h"
#include "simauth.h"
/* /*
* EAP-AKA specific values * EAP-AKA specific values
*/ */
#define EAP_AKA_KI_LEN 16
#define EAP_AKA_OPC_LEN 16
#define EAP_AKA_AMF_LEN 2
#define EAP_AKA_SQN_LEN 6
#define EAP_AKA_AUTN_LEN 16 #define EAP_AKA_AUTN_LEN 16
#define EAP_AKA_RES_LEN 8 #define EAP_AKA_RES_LEN 8
#define EAP_AKA_K_RE_LEN 32 #define EAP_AKA_K_RE_LEN 32
@ -91,46 +88,37 @@ struct eap_aka_handle {
/* Flag to indicate protected status indications */ /* Flag to indicate protected status indications */
bool protected : 1; bool protected : 1;
/* Subscriber key */
uint8_t ki[EAP_AKA_KI_LEN];
/* Key derived from OP and ki */
uint8_t opc[EAP_AKA_OPC_LEN];
/* Authentication management field */
uint8_t amf[EAP_AKA_AMF_LEN];
/* Sequence number */
uint8_t sqn[EAP_AKA_SQN_LEN];
/* Integrity key */
uint8_t ik[EAP_AKA_IK_LEN];
/* Signed response */
uint8_t res[EAP_AKA_RES_LEN];
/* Confidentiality key */
uint8_t ck[EAP_AKA_CK_LEN];
/* Authentication value from AuC */ /* Authentication value from AuC */
uint8_t autn[EAP_AKA_AUTN_LEN]; uint8_t autn[EAP_AKA_AUTN_LEN];
/* re-auth key */ /* re-auth key */
uint8_t k_re[EAP_AKA_K_RE_LEN]; uint8_t k_re[EAP_AKA_K_RE_LEN];
char *kdf_in;
uint8_t *chal_pkt;
uint32_t pkt_len;
struct iwd_sim_auth *auth;
unsigned int auth_watch;
}; };
static void eap_aka_free(struct eap_state *eap) static void eap_aka_free(struct eap_state *eap)
{ {
struct eap_aka_handle *aka = eap_get_data(eap); struct eap_aka_handle *aka = eap_get_data(eap);
if (aka->auth)
sim_auth_unregistered_watch_remove(aka->auth, aka->auth_watch);
l_free(aka->identity); l_free(aka->identity);
l_free(aka->kdf_in);
l_free(aka); l_free(aka);
eap_set_data(eap, NULL); eap_set_data(eap, NULL);
} }
static bool derive_aka_mk(const char *identity, uint8_t *ik, uint8_t *ck, static bool derive_aka_mk(const char *identity, const uint8_t *ik,
uint8_t *mk) const uint8_t *ck, uint8_t *mk)
{ {
int ret; int ret;
struct iovec iov[5]; struct iovec iov[5];
@ -162,6 +150,102 @@ mk_error:
return false; return false;
} }
static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
const uint8_t *ik, const uint8_t *auts, void *data)
{
struct eap_state *eap = data;
struct eap_aka_handle *aka = eap_get_data(eap);
uint8_t prng_buf[160];
size_t resp_len = aka->protected ? 44 : 40;
uint8_t response[resp_len + 4];
uint8_t *pos = response;
uint8_t ik_p[EAP_AKA_IK_LEN];
uint8_t ck_p[EAP_AKA_CK_LEN];
if (!res || !ck || !ik) {
l_free(aka->chal_pkt);
goto chal_error;
}
if (aka->type == EAP_TYPE_AKA_PRIME) {
if (!eap_aka_derive_primes(ck, ik, aka->autn,
(uint8_t *)aka->kdf_in, strlen(aka->kdf_in),
ck_p, ik_p)) {
l_error("could not derive primes");
goto chal_fatal;
}
if (!eap_aka_prf_prime(ik_p, ck_p, aka->identity, aka->k_encr,
aka->k_aut, aka->k_re, aka->msk, aka->emsk)) {
l_error("could not derive encryption keys");
goto chal_fatal;
}
} else {
if (!derive_aka_mk(aka->identity, ik, ck, aka->mk)) {
l_error("error deriving MK");
goto chal_fatal;
}
eap_sim_fips_prf(aka->mk, 20, prng_buf, 160);
if (!eap_sim_get_encryption_keys(prng_buf, aka->k_encr,
aka->k_aut, aka->msk, aka->emsk)) {
l_error("could not derive encryption keys");
goto chal_fatal;
}
}
if (!eap_sim_verify_mac(eap, aka->type, aka->chal_pkt, aka->pkt_len,
aka->k_aut, NULL, 0)) {
l_error("MAC was not valid");
l_free(aka->chal_pkt);
goto chal_error;
}
aka->state = EAP_AKA_STATE_CHALLENGE;
pos += eap_sim_build_header(eap, aka->type, EAP_AKA_ST_CHALLENGE,
pos, resp_len);
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_RES,
EAP_SIM_PAD_LENGTH_BITS, res, EAP_AKA_RES_LEN);
if (aka->protected)
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_RESULT_IND,
EAP_SIM_PAD_NONE, NULL, 2);
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE,
NULL, EAP_SIM_MAC_LEN);
if (!eap_sim_derive_mac(aka->type, response, resp_len, aka->k_aut,
pos - EAP_SIM_MAC_LEN)) {
l_error("error deriving MAC");
goto chal_fatal;
}
l_free(aka->chal_pkt);
eap_send_response(eap, aka->type, response, resp_len);
if (!aka->protected) {
eap_method_success(eap);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
aka->state = EAP_AKA_STATE_SUCCESS;
}
return;
chal_fatal:
eap_method_error(eap);
aka->state = EAP_AKA_STATE_ERROR;
return;
chal_error:
eap_sim_client_error(eap, aka->type, EAP_SIM_ERROR_PROCESS);
}
/* /*
* Handles EAP-AKA Challenge subtype * Handles EAP-AKA Challenge subtype
*/ */
@ -170,17 +254,10 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
{ {
struct eap_aka_handle *aka = eap_get_data(eap); struct eap_aka_handle *aka = eap_get_data(eap);
struct eap_sim_tlv_iter iter; struct eap_sim_tlv_iter iter;
uint8_t prng_buf[160];
size_t resp_len = 40;
uint8_t response[resp_len + 4];
uint8_t *pos = response;
const uint8_t *rand = NULL; const uint8_t *rand = NULL;
const uint8_t *autn = NULL; const uint8_t *autn = NULL;
bool kdf_func = false; bool kdf_func = false;
const uint8_t *kdf_in = NULL;
uint16_t kdf_in_len = 0; uint16_t kdf_in_len = 0;
uint8_t ik_p[EAP_AKA_IK_LEN];
uint8_t ck_p[EAP_AKA_CK_LEN];
if (len < 3) { if (len < 3) {
l_error("packet is too small"); l_error("packet is too small");
@ -226,7 +303,6 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
} }
aka->protected = 1; aka->protected = 1;
resp_len += 4;
break; break;
@ -268,7 +344,8 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
goto chal_error; goto chal_error;
} }
kdf_in = contents + 2; aka->kdf_in = strndup((const char *)(contents + 2),
kdf_in_len);
break; break;
@ -300,86 +377,23 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
goto chal_error; goto chal_error;
} }
if (aka->type == EAP_TYPE_AKA_PRIME && (!kdf_in || !kdf_func)) { if (aka->type == EAP_TYPE_AKA_PRIME && (!aka->kdf_in || !kdf_func)) {
l_error("AT_KDF or AT_KDF_INPUT were not found"); l_error("AT_KDF or AT_KDF_INPUT were not found");
goto chal_error; goto chal_error;
} }
eap_aka_get_milenage(aka->opc, aka->ki, rand, aka->sqn, aka->amf, aka->chal_pkt = l_memdup(pkt, len);
aka->autn, aka->ck, aka->ik, aka->res); aka->pkt_len = len;
if (memcmp(autn, aka->autn, EAP_AKA_AUTN_LEN)) { /* AKA' needs AUTN for prime derivation */
l_error("EAP_SIM_AT_AUTN is not valid"); memcpy(aka->autn, autn, EAP_AKA_AUTN_LEN);
if (sim_auth_check_milenage(aka->auth, rand, autn, check_milenage_cb,
eap) < 0) {
l_free(aka->chal_pkt);
goto chal_error; goto chal_error;
} }
if (aka->type == EAP_TYPE_AKA_PRIME) {
if (!eap_aka_derive_primes(aka->ck, aka->ik, aka->autn, kdf_in,
kdf_in_len, ck_p, ik_p)) {
l_error("could not derive primes");
goto chal_fatal;
}
if (!eap_aka_prf_prime(ik_p, ck_p, aka->identity, aka->k_encr,
aka->k_aut, aka->k_re, aka->msk, aka->emsk)) {
l_error("could not derive encryption keys");
goto chal_fatal;
}
} else {
if (!derive_aka_mk(aka->identity, aka->ik, aka->ck, aka->mk)) {
l_error("error deriving MK");
goto chal_fatal;
}
eap_sim_fips_prf(aka->mk, 20, prng_buf, 160);
if (!eap_sim_get_encryption_keys(prng_buf, aka->k_encr,
aka->k_aut, aka->msk, aka->emsk)) {
l_error("could not derive encryption keys");
goto chal_fatal;
}
}
if (!eap_sim_verify_mac(eap, aka->type, pkt, len, aka->k_aut, NULL,
0)) {
l_error("MAC was not valid");
goto chal_error;
}
aka->state = EAP_AKA_STATE_CHALLENGE;
pos += eap_sim_build_header(eap, aka->type, EAP_AKA_ST_CHALLENGE,
pos, resp_len);
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_RES,
EAP_SIM_PAD_LENGTH_BITS, aka->res, EAP_AKA_RES_LEN);
if (aka->protected)
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_RESULT_IND,
EAP_SIM_PAD_NONE, NULL, 2);
pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE,
NULL, EAP_SIM_MAC_LEN);
if (!eap_sim_derive_mac(aka->type, response, resp_len, aka->k_aut,
pos - EAP_SIM_MAC_LEN)) {
l_error("error deriving MAC");
goto chal_fatal;
}
eap_send_response(eap, aka->type, response, resp_len);
if (!aka->protected) {
eap_method_success(eap);
eap_set_key_material(eap, aka->msk, 32, NULL, 0, NULL, 0);
aka->state = EAP_AKA_STATE_SUCCESS;
}
return;
chal_fatal:
eap_method_error(eap);
aka->state = EAP_AKA_STATE_ERROR;
return; return;
chal_error: chal_error:
@ -543,58 +557,53 @@ req_error:
eap_sim_client_error(eap, aka->type, EAP_SIM_ERROR_PROCESS); eap_sim_client_error(eap, aka->type, EAP_SIM_ERROR_PROCESS);
} }
static bool eap_aka_common_load_settings(struct eap_aka_handle *aka, static const char *eap_aka_get_identity(struct eap_state *eap)
{
struct eap_aka_handle *aka = eap_get_data(eap);
return aka->identity;
}
static void auth_destroyed(void *data)
{
struct eap_state *eap = data;
struct eap_aka_handle *aka = eap_get_data(eap);
/*
* If AKA was already successful we can return. Also if the state
* has been set to ERROR, then eap_method_error has already been called,
* so we can return.
*/
if (aka->state == EAP_AKA_STATE_SUCCESS ||
aka->state == EAP_AKA_STATE_ERROR)
return;
l_error("auth provider destroyed before AKA could finish");
aka->state = EAP_AKA_STATE_ERROR;
eap_method_error(eap);
}
static bool eap_aka_common_load_settings(struct eap_state *eap,
struct l_settings *settings, struct l_settings *settings,
const char *prefix) const char *prefix)
{ {
char setting[64]; struct eap_aka_handle *aka = eap_get_data(eap);
const char *imsi;
const char *ki;
const char *opc;
const char *amf;
const char *sqn;
size_t len;
snprintf(setting, sizeof(setting), "%sAKA-IMSI", prefix); /*
imsi = l_settings_get_value(settings, "Security", setting); * No specific settings for EAP-SIM, the auth provider will have all
if (imsi) * required data.
aka->identity = l_strdup(imsi); */
snprintf(setting, sizeof(setting), "%sAKA-KI", prefix); aka->auth = iwd_sim_auth_find(false, true);
ki = l_settings_get_value(settings, "Security", setting); if (!aka->auth) {
if (ki) { l_debug("no AKA driver available for %s", aka->identity);
uint8_t *val = l_util_from_hexstring(ki, &len); return false;
memcpy(aka->ki, val, len);
l_free(val);
} }
snprintf(setting, sizeof(setting), "%sAKA-OPC", prefix); aka->auth_watch = sim_auth_unregistered_watch_add(aka->auth,
opc = l_settings_get_value(settings, "Security", setting); auth_destroyed, eap);
if (opc) { aka->identity = l_strdup(iwd_sim_auth_get_nai(aka->auth));
uint8_t *val = l_util_from_hexstring(opc, &len);
memcpy(aka->opc, val, len);
l_free(val);
}
snprintf(setting, sizeof(setting), "%sAKA-AMF", prefix);
amf = l_settings_get_value(settings, "Security", setting);
if (amf) {
uint8_t *val = l_util_from_hexstring(amf, &len);
memcpy(aka->amf, val, len);
l_free(val);
}
snprintf(setting, sizeof(setting), "%sAKA-SQN", prefix);
sqn = l_settings_get_value(settings, "Security", setting);
if (sqn) {
uint8_t *val = l_util_from_hexstring(sqn, &len);
memcpy(aka->sqn, val, len);
l_free(val);
}
return true; return true;
} }
@ -608,7 +617,7 @@ static bool eap_aka_load_settings(struct eap_state *eap,
aka->type = EAP_TYPE_AKA; aka->type = EAP_TYPE_AKA;
eap_set_data(eap, aka); eap_set_data(eap, aka);
return eap_aka_common_load_settings(aka, settings, prefix); return eap_aka_common_load_settings(eap, settings, prefix);
} }
static bool eap_aka_prime_load_settings(struct eap_state *eap, static bool eap_aka_prime_load_settings(struct eap_state *eap,
@ -620,7 +629,7 @@ static bool eap_aka_prime_load_settings(struct eap_state *eap,
aka->type = EAP_TYPE_AKA_PRIME; aka->type = EAP_TYPE_AKA_PRIME;
eap_set_data(eap, aka); eap_set_data(eap, aka);
return eap_aka_common_load_settings(aka, settings, prefix); return eap_aka_common_load_settings(eap, settings, prefix);
} }
static struct eap_method eap_aka = { static struct eap_method eap_aka = {
@ -630,6 +639,7 @@ static struct eap_method eap_aka = {
.free = eap_aka_free, .free = eap_aka_free,
.handle_request = eap_aka_handle_request, .handle_request = eap_aka_handle_request,
.load_settings = eap_aka_load_settings, .load_settings = eap_aka_load_settings,
.get_identity = eap_aka_get_identity
}; };
static struct eap_method eap_aka_prime = { static struct eap_method eap_aka_prime = {
@ -639,6 +649,7 @@ static struct eap_method eap_aka_prime = {
.free = eap_aka_free, .free = eap_aka_free,
.handle_request = eap_aka_handle_request, .handle_request = eap_aka_handle_request,
.load_settings = eap_aka_prime_load_settings, .load_settings = eap_aka_prime_load_settings,
.get_identity = eap_aka_get_identity
}; };
static int eap_aka_init(void) static int eap_aka_init(void)