simutil: updated EAP-SIM/AKA MAC API's to take type

EAP-AKA' uses SHA256 rather than SHA1 to generate the packet MAC's.
This updates the derive MAC API to take the EAP method type and
correctly use the right SHA variant to derive the MAC.

src/eap-aka.c

@@ -298,7 +298,7 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
 	pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE,
 			NULL, EAP_SIM_MAC_LEN);
 
-	if (!eap_sim_derive_mac(response, resp_len, aka->k_aut,
+	if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, resp_len, aka->k_aut,
 			pos - EAP_SIM_MAC_LEN)) {
 		l_error("error deriving MAC");
 		goto chal_fatal;
@@ -389,8 +389,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
 		pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC,
 				EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
 
-		if (!eap_sim_derive_mac(response, pos - response, aka->k_aut,
-				response + 12)) {
+		if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, pos - response,
+				aka->k_aut, response + 12)) {
 			l_error("could not derive MAC");
 			eap_method_error(eap);
 			aka->state = EAP_AKA_STATE_ERROR;

src/eap-sim.c

@@ -415,8 +415,8 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
 	memcpy(pos, sim->sres, EAP_SIM_SRES_LEN * 3);
 	pos += EAP_SIM_SRES_LEN * 3;
 
-	if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
-			mac_pos + 4)) {
+	if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
+			sim->k_aut, mac_pos + 4)) {
 		l_error("could not derive MAC");
 		goto chal_fatal;
 	}
@@ -513,8 +513,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
 		pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC,
 				EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
 
-		if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
-				response + 12)) {
+		if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
+				sim->k_aut, response + 12)) {
 			l_error("could not derive MAC");
 			eap_method_error(eap);
 			sim->state = EAP_SIM_STATE_ERROR;

src/simutil.c

@@ -431,10 +431,14 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
 	return true;
 }
 
-bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
-		uint8_t *mac)
+bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
+		const uint8_t *key, uint8_t *mac)
 {
-	return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
+	if (type == EAP_TYPE_AKA_PRIME)
+		return hmac_sha256(key, EAP_AKA_PRIME_K_AUT_LEN, buf, len,
+				mac, EAP_SIM_MAC_LEN);
+	else
+		return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
 			EAP_SIM_MAC_LEN);
 }
 
@@ -547,7 +551,13 @@ bool eap_sim_verify_mac(struct eap_state *eap, enum eap_type type,
 	iov[3].iov_base = extra;
 	iov[3].iov_len = elen;
 
-	hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut, EAP_SIM_K_AUT_LEN);
+	if (type == EAP_TYPE_AKA_PRIME)
+		hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, k_aut,
+				EAP_AKA_PRIME_K_AUT_LEN);
+	else
+		hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut,
+				EAP_SIM_K_AUT_LEN);
+
 	l_checksum_updatev(hmac, iov, 4);
 	/* reuse zero mac array for new mac */
 	l_checksum_get_digest(hmac, zero_mac, EAP_SIM_MAC_LEN);

src/simutil.h

@@ -218,8 +218,8 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
  * key - encryption key to use (e.g. K_encr)
  * mac - buffer for the 16 byte MAC
  */
-bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
-		uint8_t *mac);
+bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
+		const uint8_t *key, uint8_t *mac);
 
 /*
  * Helper to build the EAP packet header