authorJouni Malinen <j@w1.fi>2008-12-04 20:29:46 +0200
committerJouni Malinen <j@w1.fi>2008-12-04 20:29:46 +0200
commit6ec4021c03fab7b8982ba345d2bd078d67045511 (patch)
tree32378415e0c49f2129c521da2988dafe0969a34d /src/eap_common
parentb8ab62498412836cfc55b9a72f06f3d3b48767f3 (diff)
EAP-AKA': Added processing of AT_KDF and AT_KDF_INPUT attributes
Network Name is not yet generated and validated based on 3GPP.33.402 (i.e., a hardcoded string is used in server and anything is accepted in peer).
Diffstat (limited to 'src/eap_common')
-rw-r--r--src/eap_common/eap_sim_common.c46
-rw-r--r--src/eap_common/eap_sim_common.h9
2 files changed, 55 insertions, 0 deletions
diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index 58253f9..9d1bf2c 100644
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -788,6 +788,52 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RESULT_IND");
attr->result_ind = 1;
break;
+#ifdef EAP_AKA_PRIME
+ case EAP_SIM_AT_KDF_INPUT:
+ if (aka != 2) {
+ wpa_printf(MSG_INFO, "EAP-AKA: Unexpected "
+ "AT_KDF_INPUT");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-AKA: AT_KDF_INPUT");
+ plen = WPA_GET_BE16(apos);
+ apos += 2;
+ alen -= 2;
+ if (plen > alen) {
+ wpa_printf(MSG_INFO, "EAP-AKA': Invalid "
+ "AT_KDF_INPUT (Actual Length %lu, "
+ "remaining length %lu)",
+ (unsigned long) plen,
+ (unsigned long) alen);
+ return -1;
+ }
+ attr->kdf_input = apos;
+ attr->kdf_input_len = plen;
+ break;
+ case EAP_SIM_AT_KDF:
+ if (aka != 2) {
+ wpa_printf(MSG_INFO, "EAP-AKA: Unexpected "
+ "AT_KDF");
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP-AKA: AT_KDF");
+ if (alen != 2) {
+ wpa_printf(MSG_INFO, "EAP-AKA': Invalid "
+ "AT_KDF (len %lu)",
+ (unsigned long) alen);
+ return -1;
+ }
+ if (attr->kdf_count == EAP_AKA_PRIME_KDF_MAX) {
+ wpa_printf(MSG_DEBUG, "EAP-AKA': Too many "
+ "AT_KDF attributes - ignore this");
+ continue;
+ }
+ attr->kdf[attr->kdf_count] = WPA_GET_BE16(apos);
+ attr->kdf_count++;
+ break;
+#endif /* EAP_AKA_PRIME */
default:
if (pos[0] < 128) {
wpa_printf(MSG_INFO, "EAP-SIM: Unrecognized "
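Review bot: The `continue;` in the "Too many AT_KDF attributes" branch of `case EAP_SIM_AT_KDF` is the only exit from this switch that is neither `break` nor `return`, so it jumps straight to the enclosing loop's condition and skips whatever follows the switch. The loop is outside this hunk; if the attribute pointer is advanced after the switch, as the `break` in every other case suggests, a received message with more than `EAP_AKA_PRIME_KDF_MAX` AT_KDF attributes would make the parser re-read the same attribute indefinitely. Replace it with `break;` so the extra attribute is ignored and parsing still moves on. Separately, `alen -= 2;` in the AT_KDF_INPUT case relies on `alen >= 2` being established before the switch, which is not visible here; if `alen` is unsigned, an underflow would defeat the `plen > alen` check, so an explicit `if (alen < 2) return -1;` ahead of the `WPA_GET_BE16(apos)` read would keep the bound local.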
diff --git a/src/eap_common/eap_sim_common.h b/src/eap_common/eap_sim_common.h
index 15efcb3..c799f2f 100644
--- a/src/eap_common/eap_sim_common.h
+++ b/src/eap_common/eap_sim_common.h
@@ -126,6 +126,8 @@ void eap_sim_add_mac_sha256(const u8 *k_aut, const u8 *msg, size_t msg_len,
#define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */
#define EAP_SIM_AT_NONCE_S 21 /* only encrypted */
#define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */
+#define EAP_SIM_AT_KDF_INPUT 23 /* only AKA' */
+#define EAP_SIM_AT_KDF 24 /* only AKA' */
#define EAP_SIM_AT_IV 129
#define EAP_SIM_AT_ENCR_DATA 130
#define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */
@@ -140,6 +142,8 @@ void eap_sim_add_mac_sha256(const u8 *k_aut, const u8 *msg, size_t msg_len,
#define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384
#define EAP_SIM_SUCCESS 32768
+/* EAP-AKA' AT_KDF Key Derivation Function values */
+#define EAP_AKA_PRIME_KDF 1
enum eap_sim_id_req {
NO_ID_REQ, ANY_ID, FULLAUTH_ID, PERMANENT_ID
@@ -151,14 +155,19 @@ struct eap_sim_attrs {
const u8 *next_pseudonym, *next_reauth_id;
const u8 *nonce_mt, *identity, *res, *auts;
const u8 *checkcode;
+ const u8 *kdf_input;
size_t num_chal, version_list_len, encr_data_len;
size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len;
size_t res_len_bits;
size_t checkcode_len;
+ size_t kdf_input_len;
enum eap_sim_id_req id_req;
int notification, counter, selected_version, client_error_code;
int counter_too_small;
int result_ind;
+#define EAP_AKA_PRIME_KDF_MAX 10
+ u16 kdf[EAP_AKA_PRIME_KDF_MAX];
+ size_t kdf_count;
};
int eap_sim_parse_attr(const u8 *start, const u8 *end,
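Review bot: The new `kdf_input`/`kdf_input_len` and `kdf[]`/`kdf_count` members of `struct eap_sim_attrs` carry no comments, and their contract cannot be read from the struct alone. Per the parser change in eap_sim_common.c, `kdf_input` is set to a position inside the received message rather than a copy, and AT_KDF values beyond `EAP_AKA_PRIME_KDF_MAX` are dropped, so `kdf[]` may be a truncated view of what the other side offered. I would add `/* points into the parsed message (not a copy); length in kdf_input_len */` above `kdf_input` and `/* AT_KDF values in received order; attributes beyond EAP_AKA_PRIME_KDF_MAX are ignored */` above `kdf[]`, so code that later compares or selects KDFs knows the list can be incomplete. The struct definition starts before this hunk.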