From e29d0dd69cb02774d0c5604b11193cc550f82d85 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Wed, 30 Aug 2017 15:13:36 -0700
Subject: [PATCH] simutil: updated EAP-SIM/AKA MAC API's to take type
EAP-AKA' uses SHA256 rather than SHA1 to generate the packet MAC's. This updates the derive MAC API to take the EAP method type and correctly use the right SHA variant to derive the MAC.
---
 src/eap-aka.c | 6 +++---
 src/eap-sim.c | 8 ++++----
 src/simutil.c | 18 ++++++++++++++----
 src/simutil.h | 4 ++--
 4 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/src/eap-aka.c b/src/eap-aka.c
index b620272e..c9c7e098 100644
--- a/src/eap-aka.c
+++ b/src/eap-aka.c
@@ -298,7 +298,7 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
 pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
- if (!eap_sim_derive_mac(response, resp_len, aka->k_aut,
+ if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, resp_len, aka->k_aut,
 pos - EAP_SIM_MAC_LEN)) {
 l_error("error deriving MAC");
 goto chal_fatal;
@@ -389,8 +389,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
 pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
- if (!eap_sim_derive_mac(response, pos - response, aka->k_aut,
- response + 12)) {
+ if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, pos - response,
+ aka->k_aut, response + 12)) {
 l_error("could not derive MAC");
 eap_method_error(eap);
 aka->state = EAP_AKA_STATE_ERROR;
diff --git a/src/eap-sim.c b/src/eap-sim.c
index cfba78c9..c86a742c 100644
--- a/src/eap-sim.c
+++ b/src/eap-sim.c
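Review bot: Both call sites in this file, handle_challenge in this hunk and handle_notification in the next one, pass the literal `EAP_TYPE_AKA`, so the MAC algorithm is pinned per call rather than taken from the session. Given that the commit description introduces the parameter for EAP-AKA', which per that description differs from AKA only in the hash used for the MAC, a later AKA' variant built on these handlers would have to find and change every literal; if the state that `aka` points to does not already record the method type, storing it there and passing that value would keep the selection in one place. This is a point of style only, the literal is correct for this file as it stands. Both enclosing functions start and end outside their hunks.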
@@ -415,8 +415,8 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
 memcpy(pos, sim->sres, EAP_SIM_SRES_LEN * 3);
 pos += EAP_SIM_SRES_LEN * 3;
- if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
- mac_pos + 4)) {
+ if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
+ sim->k_aut, mac_pos + 4)) {
 l_error("could not derive MAC");
 goto chal_fatal;
 }
@@ -513,8 +513,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
 pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
- if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
- response + 12)) {
+ if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
+ sim->k_aut, response + 12)) {
 l_error("could not derive MAC");
 eap_method_error(eap);
 sim->state = EAP_SIM_STATE_ERROR;
diff --git a/src/simutil.c b/src/simutil.c
index 82cb61f3..ab7d15f6 100644
--- a/src/simutil.c
+++ b/src/simutil.c
@@ -431,10 +431,14 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
 return true;
 }
-bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
- uint8_t *mac)
+bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
+ const uint8_t *key, uint8_t *mac)
 {
- return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
+ if (type == EAP_TYPE_AKA_PRIME)
+ return hmac_sha256(key, EAP_AKA_PRIME_K_AUT_LEN, buf, len,
+ mac, EAP_SIM_MAC_LEN);
+ else
+ return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
 EAP_SIM_MAC_LEN);
 }
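Review bot: In eap_sim_derive_mac (the -431 hunk of simutil.c) the `else` branch selects HMAC-SHA1 with `EAP_SIM_K_AUT_LEN` for every `type` other than `EAP_TYPE_AKA_PRIME`, including values that are neither SIM nor AKA, so a wrong or uninitialised type silently yields a SHA1 MAC over a key read at possibly the wrong length instead of an error. A `switch` with explicit `EAP_TYPE_SIM`/`EAP_TYPE_AKA` cases and a `default` that returns false makes the accepted set visible and fails closed; the parallel selection in eap_sim_verify_mac (the -547 hunk) has the same shape and would be a candidate for one shared helper mapping type to digest and key length. Because the number of bytes read from `key` now depends on `type` (`EAP_SIM_K_AUT_LEN` versus `EAP_AKA_PRIME_K_AUT_LEN`), that contract belongs in the header comment in simutil.h as well.
```c
bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
				const uint8_t *key, uint8_t *mac)
{
	switch (type) {
	case EAP_TYPE_SIM:
	case EAP_TYPE_AKA:
		return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
					EAP_SIM_MAC_LEN);
	case EAP_TYPE_AKA_PRIME:
		return hmac_sha256(key, EAP_AKA_PRIME_K_AUT_LEN, buf, len,
					mac, EAP_SIM_MAC_LEN);
	default:
		/* unknown method type: refuse rather than pick a digest */
		return false;
	}
}
```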
@@ -547,7 +551,13 @@ bool eap_sim_verify_mac(struct eap_state *eap, enum eap_type type,
 iov[3].iov_base = extra;
 iov[3].iov_len = elen;
- hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut, EAP_SIM_K_AUT_LEN);
+ if (type == EAP_TYPE_AKA_PRIME)
+ hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, k_aut,
+ EAP_AKA_PRIME_K_AUT_LEN);
+ else
+ hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut,
+ EAP_SIM_K_AUT_LEN);
+
 l_checksum_updatev(hmac, iov, 4);
 /* reuse zero mac array for new mac */
 l_checksum_get_digest(hmac, zero_mac, EAP_SIM_MAC_LEN);
diff --git a/src/simutil.h b/src/simutil.h
index d8a063df..a9295333 100644
--- a/src/simutil.h
+++ b/src/simutil.h
@@ -218,8 +218,8 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
 * key - encryption key to use (e.g. K_encr)
 * mac - buffer for the 16 byte MAC
 */
-bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
- uint8_t *mac);
+bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
+ const uint8_t *key, uint8_t *mac);
 /*
 * Helper to build the EAP packet header
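Review bot: Neither branch of the new if/else in eap_sim_verify_mac checks `hmac` before it is handed to `l_checksum_updatev` and `l_checksum_get_digest`, and the SHA256 branch adds a way for `l_checksum_new_hmac` to return NULL that the single SHA1 call did not have, namely the requested HMAC being unavailable on the host. If those helpers reject a NULL handle, `zero_mac` keeps its all-zero contents and whatever comparison follows the hunk would be checking the received MAC against zeros; that comparison is outside the hunk, so this is inferred, but a verification routine must not be able to succeed on that path. Adding `if (!hmac) return false;` after the else branch keeps the check fail-closed, assuming nothing acquired earlier in the function (whose head is outside the hunk) needs releasing first. The guard covers the pre-existing SHA1 path as well, since both branches join at that point.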
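Review bot: The prototype gains a `type` parameter but the comment block above it, whose `key` and `mac` entries are the hunk's leading context, is not updated to list it, so a reader of the header cannot tell what the parameter selects or that the number of bytes read from `key` now changes with it. Add an entry in the same style, e.g. ` * type - EAP method type; EAP_TYPE_AKA_PRIME selects HMAC-SHA256 over an EAP_AKA_PRIME_K_AUT_LEN byte key, any other value HMAC-SHA1 over an EAP_SIM_K_AUT_LEN byte key`. Separately, the existing ` * key - encryption key to use (e.g. K_encr)` line appears to name the wrong key: the callers in eap-sim.c and eap-aka.c pass `sim->k_aut`/`aka->k_aut` and simutil.c sizes it with `EAP_SIM_K_AUT_LEN`, so "authentication key (K_aut)" would match the code. The comment block begins outside the hunk.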