Home | History | Annotate | Download | only in eap_peer
      1 /*
      2  * EAP peer method: EAP-SIM (RFC 4186)
      3  * Copyright (c) 2004-2012, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "pcsc_funcs.h"
     13 #include "crypto/milenage.h"
     14 #include "crypto/random.h"
     15 #include "eap_peer/eap_i.h"
     16 #include "eap_config.h"
     17 #include "eap_common/eap_sim_common.h"
     18 
     19 
     20 struct eap_sim_data {
     21 	u8 *ver_list;
     22 	size_t ver_list_len;
     23 	int selected_version;
     24 	size_t min_num_chal, num_chal;
     25 
     26 	u8 kc[3][EAP_SIM_KC_LEN];
     27 	u8 sres[3][EAP_SIM_SRES_LEN];
     28 	u8 nonce_mt[EAP_SIM_NONCE_MT_LEN], nonce_s[EAP_SIM_NONCE_S_LEN];
     29 	u8 mk[EAP_SIM_MK_LEN];
     30 	u8 k_aut[EAP_SIM_K_AUT_LEN];
     31 	u8 k_encr[EAP_SIM_K_ENCR_LEN];
     32 	u8 msk[EAP_SIM_KEYING_DATA_LEN];
     33 	u8 emsk[EAP_EMSK_LEN];
     34 	u8 rand[3][GSM_RAND_LEN];
     35 
     36 	int num_id_req, num_notification;
     37 	u8 *pseudonym;
     38 	size_t pseudonym_len;
     39 	u8 *reauth_id;
     40 	size_t reauth_id_len;
     41 	int reauth;
     42 	unsigned int counter, counter_too_small;
     43 	u8 *last_eap_identity;
     44 	size_t last_eap_identity_len;
     45 	enum {
     46 		CONTINUE, RESULT_SUCCESS, RESULT_FAILURE, SUCCESS, FAILURE
     47 	} state;
     48 	int result_ind, use_result_ind;
     49 };
     50 
     51 
     52 #ifndef CONFIG_NO_STDOUT_DEBUG
     53 static const char * eap_sim_state_txt(int state)
     54 {
     55 	switch (state) {
     56 	case CONTINUE:
     57 		return "CONTINUE";
     58 	case RESULT_SUCCESS:
     59 		return "RESULT_SUCCESS";
     60 	case RESULT_FAILURE:
     61 		return "RESULT_FAILURE";
     62 	case SUCCESS:
     63 		return "SUCCESS";
     64 	case FAILURE:
     65 		return "FAILURE";
     66 	default:
     67 		return "?";
     68 	}
     69 }
     70 #endif /* CONFIG_NO_STDOUT_DEBUG */
     71 
     72 
     73 static void eap_sim_state(struct eap_sim_data *data, int state)
     74 {
     75 	wpa_printf(MSG_DEBUG, "EAP-SIM: %s -> %s",
     76 		   eap_sim_state_txt(data->state),
     77 		   eap_sim_state_txt(state));
     78 	data->state = state;
     79 }
     80 
     81 
     82 static void * eap_sim_init(struct eap_sm *sm)
     83 {
     84 	struct eap_sim_data *data;
     85 	struct eap_peer_config *config = eap_get_config(sm);
     86 
     87 	data = os_zalloc(sizeof(*data));
     88 	if (data == NULL)
     89 		return NULL;
     90 
     91 	if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
     92 		wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
     93 			   "for NONCE_MT");
     94 		os_free(data);
     95 		return NULL;
     96 	}
     97 
     98 	data->min_num_chal = 2;
     99 	if (config && config->phase1) {
    100 		char *pos = os_strstr(config->phase1, "sim_min_num_chal=");
    101 		if (pos) {
    102 			data->min_num_chal = atoi(pos + 17);
    103 			if (data->min_num_chal < 2 || data->min_num_chal > 3) {
    104 				wpa_printf(MSG_WARNING, "EAP-SIM: Invalid "
    105 					   "sim_min_num_chal configuration "
    106 					   "(%lu, expected 2 or 3)",
    107 					   (unsigned long) data->min_num_chal);
    108 				os_free(data);
    109 				return NULL;
    110 			}
    111 			wpa_printf(MSG_DEBUG, "EAP-SIM: Set minimum number of "
    112 				   "challenges to %lu",
    113 				   (unsigned long) data->min_num_chal);
    114 		}
    115 
    116 		data->result_ind = os_strstr(config->phase1, "result_ind=1") !=
    117 			NULL;
    118 	}
    119 
    120 	if (config && config->anonymous_identity) {
    121 		data->pseudonym = os_malloc(config->anonymous_identity_len);
    122 		if (data->pseudonym) {
    123 			os_memcpy(data->pseudonym, config->anonymous_identity,
    124 				  config->anonymous_identity_len);
    125 			data->pseudonym_len = config->anonymous_identity_len;
    126 		}
    127 	}
    128 
    129 	eap_sim_state(data, CONTINUE);
    130 
    131 	return data;
    132 }
    133 
    134 
    135 static void eap_sim_deinit(struct eap_sm *sm, void *priv)
    136 {
    137 	struct eap_sim_data *data = priv;
    138 	if (data) {
    139 		os_free(data->ver_list);
    140 		os_free(data->pseudonym);
    141 		os_free(data->reauth_id);
    142 		os_free(data->last_eap_identity);
    143 		os_free(data);
    144 	}
    145 }
    146 
    147 
    148 static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
    149 {
    150 	struct eap_peer_config *conf;
    151 
    152 	wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
    153 
    154 	conf = eap_get_config(sm);
    155 	if (conf == NULL)
    156 		return -1;
    157 	if (conf->pcsc) {
    158 		if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
    159 				   data->sres[0], data->kc[0]) ||
    160 		    scard_gsm_auth(sm->scard_ctx, data->rand[1],
    161 				   data->sres[1], data->kc[1]) ||
    162 		    (data->num_chal > 2 &&
    163 		     scard_gsm_auth(sm->scard_ctx, data->rand[2],
    164 				    data->sres[2], data->kc[2]))) {
    165 			wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
    166 				   "authentication could not be completed");
    167 			return -1;
    168 		}
    169 		return 0;
    170 	}
    171 
    172 #ifdef CONFIG_SIM_SIMULATOR
    173 	if (conf->password) {
    174 		u8 opc[16], k[16];
    175 		const char *pos;
    176 		size_t i;
    177 		wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
    178 			   "implementation for authentication");
    179 		if (conf->password_len < 65) {
    180 			wpa_printf(MSG_DEBUG, "EAP-SIM: invalid GSM-Milenage "
    181 				   "password");
    182 			return -1;
    183 		}
    184 		pos = (const char *) conf->password;
    185 		if (hexstr2bin(pos, k, 16))
    186 			return -1;
    187 		pos += 32;
    188 		if (*pos != ':')
    189 			return -1;
    190 		pos++;
    191 
    192 		if (hexstr2bin(pos, opc, 16))
    193 			return -1;
    194 
    195 		for (i = 0; i < data->num_chal; i++) {
    196 			if (gsm_milenage(opc, k, data->rand[i],
    197 					 data->sres[i], data->kc[i])) {
    198 				wpa_printf(MSG_DEBUG, "EAP-SIM: "
    199 					   "GSM-Milenage authentication "
    200 					   "could not be completed");
    201 				return -1;
    202 			}
    203 			wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
    204 				    data->rand[i], GSM_RAND_LEN);
    205 			wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: SRES",
    206 					data->sres[i], EAP_SIM_SRES_LEN);
    207 			wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: Kc",
    208 					data->kc[i], EAP_SIM_KC_LEN);
    209 		}
    210 		return 0;
    211 	}
    212 #endif /* CONFIG_SIM_SIMULATOR */
    213 
    214 #ifdef CONFIG_SIM_HARDCODED
    215 	/* These hardcoded Kc and SRES values are used for testing. RAND to
    216 	 * KC/SREC mapping is very bogus as far as real authentication is
    217 	 * concerned, but it is quite useful for cases where the AS is rotating
    218 	 * the order of pre-configured values. */
    219 	{
    220 		size_t i;
    221 
    222 		wpa_printf(MSG_DEBUG, "EAP-SIM: Use hardcoded Kc and SRES "
    223 			   "values for testing");
    224 
    225 		for (i = 0; i < data->num_chal; i++) {
    226 			if (data->rand[i][0] == 0xaa) {
    227 				os_memcpy(data->kc[i],
    228 					  "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7",
    229 					  EAP_SIM_KC_LEN);
    230 				os_memcpy(data->sres[i], "\xd1\xd2\xd3\xd4",
    231 					  EAP_SIM_SRES_LEN);
    232 			} else if (data->rand[i][0] == 0xbb) {
    233 				os_memcpy(data->kc[i],
    234 					  "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7",
    235 					  EAP_SIM_KC_LEN);
    236 				os_memcpy(data->sres[i], "\xe1\xe2\xe3\xe4",
    237 					  EAP_SIM_SRES_LEN);
    238 			} else {
    239 				os_memcpy(data->kc[i],
    240 					  "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7",
    241 					  EAP_SIM_KC_LEN);
    242 				os_memcpy(data->sres[i], "\xf1\xf2\xf3\xf4",
    243 					  EAP_SIM_SRES_LEN);
    244 			}
    245 		}
    246 	}
    247 
    248 	return 0;
    249 
    250 #else /* CONFIG_SIM_HARDCODED */
    251 
    252 	wpa_printf(MSG_DEBUG, "EAP-SIM: No GSM authentication algorithm "
    253 		   "enabled");
    254 	return -1;
    255 
    256 #endif /* CONFIG_SIM_HARDCODED */
    257 }
    258 
    259 
    260 static int eap_sim_supported_ver(int version)
    261 {
    262 	return version == EAP_SIM_VERSION;
    263 }
    264 
    265 
    266 #define CLEAR_PSEUDONYM	0x01
    267 #define CLEAR_REAUTH_ID	0x02
    268 #define CLEAR_EAP_ID	0x04
    269 
    270 static void eap_sim_clear_identities(struct eap_sm *sm,
    271 				     struct eap_sim_data *data, int id)
    272 {
    273 	if ((id & CLEAR_PSEUDONYM) && data->pseudonym) {
    274 		wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old pseudonym");
    275 		os_free(data->pseudonym);
    276 		data->pseudonym = NULL;
    277 		data->pseudonym_len = 0;
    278 		eap_set_anon_id(sm, NULL, 0);
    279 	}
    280 	if ((id & CLEAR_REAUTH_ID) && data->reauth_id) {
    281 		wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old reauth_id");
    282 		os_free(data->reauth_id);
    283 		data->reauth_id = NULL;
    284 		data->reauth_id_len = 0;
    285 	}
    286 	if ((id & CLEAR_EAP_ID) && data->last_eap_identity) {
    287 		wpa_printf(MSG_DEBUG, "EAP-SIM: forgetting old eap_id");
    288 		os_free(data->last_eap_identity);
    289 		data->last_eap_identity = NULL;
    290 		data->last_eap_identity_len = 0;
    291 	}
    292 }
    293 
    294 
    295 static int eap_sim_learn_ids(struct eap_sm *sm, struct eap_sim_data *data,
    296 			     struct eap_sim_attrs *attr)
    297 {
    298 	if (attr->next_pseudonym) {
    299 		const u8 *identity = NULL;
    300 		size_t identity_len = 0;
    301 		const u8 *realm = NULL;
    302 		size_t realm_len = 0;
    303 
    304 		wpa_hexdump_ascii(MSG_DEBUG,
    305 				  "EAP-SIM: (encr) AT_NEXT_PSEUDONYM",
    306 				  attr->next_pseudonym,
    307 				  attr->next_pseudonym_len);
    308 		os_free(data->pseudonym);
    309 		/* Look for the realm of the permanent identity */
    310 		identity = eap_get_config_identity(sm, &identity_len);
    311 		if (identity) {
    312 			for (realm = identity, realm_len = identity_len;
    313 			     realm_len > 0; realm_len--, realm++) {
    314 				if (*realm == '@')
    315 					break;
    316 			}
    317 		}
    318 		data->pseudonym = os_malloc(attr->next_pseudonym_len +
    319 					    realm_len);
    320 		if (data->pseudonym == NULL) {
    321 			wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
    322 				   "next pseudonym");
    323 			data->pseudonym_len = 0;
    324 			return -1;
    325 		}
    326 		os_memcpy(data->pseudonym, attr->next_pseudonym,
    327 			  attr->next_pseudonym_len);
    328 		if (realm_len) {
    329 			os_memcpy(data->pseudonym + attr->next_pseudonym_len,
    330 				  realm, realm_len);
    331 		}
    332 		data->pseudonym_len = attr->next_pseudonym_len + realm_len;
    333 		eap_set_anon_id(sm, data->pseudonym, data->pseudonym_len);
    334 	}
    335 
    336 	if (attr->next_reauth_id) {
    337 		os_free(data->reauth_id);
    338 		data->reauth_id = os_malloc(attr->next_reauth_id_len);
    339 		if (data->reauth_id == NULL) {
    340 			wpa_printf(MSG_INFO, "EAP-SIM: (encr) No memory for "
    341 				   "next reauth_id");
    342 			data->reauth_id_len = 0;
    343 			return -1;
    344 		}
    345 		os_memcpy(data->reauth_id, attr->next_reauth_id,
    346 			  attr->next_reauth_id_len);
    347 		data->reauth_id_len = attr->next_reauth_id_len;
    348 		wpa_hexdump_ascii(MSG_DEBUG,
    349 				  "EAP-SIM: (encr) AT_NEXT_REAUTH_ID",
    350 				  data->reauth_id,
    351 				  data->reauth_id_len);
    352 	}
    353 
    354 	return 0;
    355 }
    356 
    357 
    358 static struct wpabuf * eap_sim_client_error(struct eap_sim_data *data, u8 id,
    359 					    int err)
    360 {
    361 	struct eap_sim_msg *msg;
    362 
    363 	eap_sim_state(data, FAILURE);
    364 	data->num_id_req = 0;
    365 	data->num_notification = 0;
    366 
    367 	wpa_printf(MSG_DEBUG, "EAP-SIM: Send Client-Error (error code %d)",
    368 		   err);
    369 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
    370 			       EAP_SIM_SUBTYPE_CLIENT_ERROR);
    371 	eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0);
    372 	return eap_sim_msg_finish(msg, NULL, NULL, 0);
    373 }
    374 
    375 
    376 static struct wpabuf * eap_sim_response_start(struct eap_sm *sm,
    377 					      struct eap_sim_data *data, u8 id,
    378 					      enum eap_sim_id_req id_req)
    379 {
    380 	const u8 *identity = NULL;
    381 	size_t identity_len = 0;
    382 	struct eap_sim_msg *msg;
    383 
    384 	data->reauth = 0;
    385 	if (id_req == ANY_ID && data->reauth_id) {
    386 		identity = data->reauth_id;
    387 		identity_len = data->reauth_id_len;
    388 		data->reauth = 1;
    389 	} else if ((id_req == ANY_ID || id_req == FULLAUTH_ID) &&
    390 		   data->pseudonym) {
    391 		identity = data->pseudonym;
    392 		identity_len = data->pseudonym_len;
    393 		eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
    394 	} else if (id_req != NO_ID_REQ) {
    395 		identity = eap_get_config_identity(sm, &identity_len);
    396 		if (identity) {
    397 			eap_sim_clear_identities(sm, data, CLEAR_PSEUDONYM |
    398 						 CLEAR_REAUTH_ID);
    399 		}
    400 	}
    401 	if (id_req != NO_ID_REQ)
    402 		eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
    403 
    404 	wpa_printf(MSG_DEBUG, "Generating EAP-SIM Start (id=%d)", id);
    405 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
    406 			       EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START);
    407 	if (!data->reauth) {
    408 		wpa_hexdump(MSG_DEBUG, "   AT_NONCE_MT",
    409 			    data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
    410 		eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_MT, 0,
    411 				data->nonce_mt, EAP_SIM_NONCE_MT_LEN);
    412 		wpa_printf(MSG_DEBUG, "   AT_SELECTED_VERSION %d",
    413 			   data->selected_version);
    414 		eap_sim_msg_add(msg, EAP_SIM_AT_SELECTED_VERSION,
    415 				data->selected_version, NULL, 0);
    416 	}
    417 
    418 	if (identity) {
    419 		wpa_hexdump_ascii(MSG_DEBUG, "   AT_IDENTITY",
    420 				  identity, identity_len);
    421 		eap_sim_msg_add(msg, EAP_SIM_AT_IDENTITY, identity_len,
    422 				identity, identity_len);
    423 	}
    424 
    425 	return eap_sim_msg_finish(msg, NULL, NULL, 0);
    426 }
    427 
    428 
    429 static struct wpabuf * eap_sim_response_challenge(struct eap_sim_data *data,
    430 						  u8 id)
    431 {
    432 	struct eap_sim_msg *msg;
    433 
    434 	wpa_printf(MSG_DEBUG, "Generating EAP-SIM Challenge (id=%d)", id);
    435 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
    436 			       EAP_SIM_SUBTYPE_CHALLENGE);
    437 	if (data->use_result_ind) {
    438 		wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
    439 		eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
    440 	}
    441 	wpa_printf(MSG_DEBUG, "   AT_MAC");
    442 	eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
    443 	return eap_sim_msg_finish(msg, data->k_aut, (u8 *) data->sres,
    444 				  data->num_chal * EAP_SIM_SRES_LEN);
    445 }
    446 
    447 
    448 static struct wpabuf * eap_sim_response_reauth(struct eap_sim_data *data,
    449 					       u8 id, int counter_too_small,
    450 					       const u8 *nonce_s)
    451 {
    452 	struct eap_sim_msg *msg;
    453 	unsigned int counter;
    454 
    455 	wpa_printf(MSG_DEBUG, "Generating EAP-SIM Reauthentication (id=%d)",
    456 		   id);
    457 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_SIM,
    458 			       EAP_SIM_SUBTYPE_REAUTHENTICATION);
    459 	wpa_printf(MSG_DEBUG, "   AT_IV");
    460 	wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
    461 	eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA);
    462 
    463 	if (counter_too_small) {
    464 		wpa_printf(MSG_DEBUG, "   *AT_COUNTER_TOO_SMALL");
    465 		eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER_TOO_SMALL, 0, NULL, 0);
    466 		counter = data->counter_too_small;
    467 	} else
    468 		counter = data->counter;
    469 
    470 	wpa_printf(MSG_DEBUG, "   *AT_COUNTER %d", counter);
    471 	eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0);
    472 
    473 	if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) {
    474 		wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
    475 			   "AT_ENCR_DATA");
    476 		eap_sim_msg_free(msg);
    477 		return NULL;
    478 	}
    479 	if (data->use_result_ind) {
    480 		wpa_printf(MSG_DEBUG, "   AT_RESULT_IND");
    481 		eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
    482 	}
    483 	wpa_printf(MSG_DEBUG, "   AT_MAC");
    484 	eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
    485 	return eap_sim_msg_finish(msg, data->k_aut, nonce_s,
    486 				  EAP_SIM_NONCE_S_LEN);
    487 }
    488 
    489 
    490 static struct wpabuf * eap_sim_response_notification(struct eap_sim_data *data,
    491 						     u8 id, u16 notification)
    492 {
    493 	struct eap_sim_msg *msg;
    494 	u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL;
    495 
    496 	wpa_printf(MSG_DEBUG, "Generating EAP-SIM Notification (id=%d)", id);
    497 	msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id,
    498 			       EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION);
    499 	if (k_aut && data->reauth) {
    500 		wpa_printf(MSG_DEBUG, "   AT_IV");
    501 		wpa_printf(MSG_DEBUG, "   AT_ENCR_DATA");
    502 		eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV,
    503 					   EAP_SIM_AT_ENCR_DATA);
    504 		wpa_printf(MSG_DEBUG, "   *AT_COUNTER %d", data->counter);
    505 		eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, data->counter,
    506 				NULL, 0);
    507 		if (eap_sim_msg_add_encr_end(msg, data->k_encr,
    508 					     EAP_SIM_AT_PADDING)) {
    509 			wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt "
    510 				   "AT_ENCR_DATA");
    511 			eap_sim_msg_free(msg);
    512 			return NULL;
    513 		}
    514 	}
    515 	if (k_aut) {
    516 		wpa_printf(MSG_DEBUG, "   AT_MAC");
    517 		eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC);
    518 	}
    519 	return eap_sim_msg_finish(msg, k_aut, (u8 *) "", 0);
    520 }
    521 
    522 
    523 static struct wpabuf * eap_sim_process_start(struct eap_sm *sm,
    524 					     struct eap_sim_data *data, u8 id,
    525 					     struct eap_sim_attrs *attr)
    526 {
    527 	int selected_version = -1, id_error;
    528 	size_t i;
    529 	u8 *pos;
    530 
    531 	wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Start");
    532 	if (attr->version_list == NULL) {
    533 		wpa_printf(MSG_INFO, "EAP-SIM: No AT_VERSION_LIST in "
    534 			   "SIM/Start");
    535 		return eap_sim_client_error(data, id,
    536 					    EAP_SIM_UNSUPPORTED_VERSION);
    537 	}
    538 
    539 	os_free(data->ver_list);
    540 	data->ver_list = os_malloc(attr->version_list_len);
    541 	if (data->ver_list == NULL) {
    542 		wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to allocate "
    543 			   "memory for version list");
    544 		return eap_sim_client_error(data, id,
    545 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    546 	}
    547 	os_memcpy(data->ver_list, attr->version_list, attr->version_list_len);
    548 	data->ver_list_len = attr->version_list_len;
    549 	pos = data->ver_list;
    550 	for (i = 0; i < data->ver_list_len / 2; i++) {
    551 		int ver = pos[0] * 256 + pos[1];
    552 		pos += 2;
    553 		if (eap_sim_supported_ver(ver)) {
    554 			selected_version = ver;
    555 			break;
    556 		}
    557 	}
    558 	if (selected_version < 0) {
    559 		wpa_printf(MSG_INFO, "EAP-SIM: Could not find a supported "
    560 			   "version");
    561 		return eap_sim_client_error(data, id,
    562 					    EAP_SIM_UNSUPPORTED_VERSION);
    563 	}
    564 	wpa_printf(MSG_DEBUG, "EAP-SIM: Selected Version %d",
    565 		   selected_version);
    566 	data->selected_version = selected_version;
    567 
    568 	id_error = 0;
    569 	switch (attr->id_req) {
    570 	case NO_ID_REQ:
    571 		break;
    572 	case ANY_ID:
    573 		if (data->num_id_req > 0)
    574 			id_error++;
    575 		data->num_id_req++;
    576 		break;
    577 	case FULLAUTH_ID:
    578 		if (data->num_id_req > 1)
    579 			id_error++;
    580 		data->num_id_req++;
    581 		break;
    582 	case PERMANENT_ID:
    583 		if (data->num_id_req > 2)
    584 			id_error++;
    585 		data->num_id_req++;
    586 		break;
    587 	}
    588 	if (id_error) {
    589 		wpa_printf(MSG_INFO, "EAP-SIM: Too many ID requests "
    590 			   "used within one authentication");
    591 		return eap_sim_client_error(data, id,
    592 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    593 	}
    594 
    595 	return eap_sim_response_start(sm, data, id, attr->id_req);
    596 }
    597 
    598 
    599 static struct wpabuf * eap_sim_process_challenge(struct eap_sm *sm,
    600 						 struct eap_sim_data *data,
    601 						 u8 id,
    602 						 const struct wpabuf *reqData,
    603 						 struct eap_sim_attrs *attr)
    604 {
    605 	const u8 *identity;
    606 	size_t identity_len;
    607 	struct eap_sim_attrs eattr;
    608 
    609 	wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Challenge");
    610 	data->reauth = 0;
    611 	if (!attr->mac || !attr->rand) {
    612 		wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
    613 			   "did not include%s%s",
    614 			   !attr->mac ? " AT_MAC" : "",
    615 			   !attr->rand ? " AT_RAND" : "");
    616 		return eap_sim_client_error(data, id,
    617 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    618 	}
    619 
    620 	wpa_printf(MSG_DEBUG, "EAP-SIM: %lu challenges",
    621 		   (unsigned long) attr->num_chal);
    622 	if (attr->num_chal < data->min_num_chal) {
    623 		wpa_printf(MSG_INFO, "EAP-SIM: Insufficient number of "
    624 			   "challenges (%lu)", (unsigned long) attr->num_chal);
    625 		return eap_sim_client_error(data, id,
    626 					    EAP_SIM_INSUFFICIENT_NUM_OF_CHAL);
    627 	}
    628 	if (attr->num_chal > 3) {
    629 		wpa_printf(MSG_INFO, "EAP-SIM: Too many challenges "
    630 			   "(%lu)", (unsigned long) attr->num_chal);
    631 		return eap_sim_client_error(data, id,
    632 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    633 	}
    634 
    635 	/* Verify that RANDs are different */
    636 	if (os_memcmp(attr->rand, attr->rand + GSM_RAND_LEN,
    637 		   GSM_RAND_LEN) == 0 ||
    638 	    (attr->num_chal > 2 &&
    639 	     (os_memcmp(attr->rand, attr->rand + 2 * GSM_RAND_LEN,
    640 			GSM_RAND_LEN) == 0 ||
    641 	      os_memcmp(attr->rand + GSM_RAND_LEN,
    642 			attr->rand + 2 * GSM_RAND_LEN,
    643 			GSM_RAND_LEN) == 0))) {
    644 		wpa_printf(MSG_INFO, "EAP-SIM: Same RAND used multiple times");
    645 		return eap_sim_client_error(data, id,
    646 					    EAP_SIM_RAND_NOT_FRESH);
    647 	}
    648 
    649 	os_memcpy(data->rand, attr->rand, attr->num_chal * GSM_RAND_LEN);
    650 	data->num_chal = attr->num_chal;
    651 
    652 	if (eap_sim_gsm_auth(sm, data)) {
    653 		wpa_printf(MSG_WARNING, "EAP-SIM: GSM authentication failed");
    654 		return eap_sim_client_error(data, id,
    655 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    656 	}
    657 	if (data->last_eap_identity) {
    658 		identity = data->last_eap_identity;
    659 		identity_len = data->last_eap_identity_len;
    660 	} else if (data->pseudonym) {
    661 		identity = data->pseudonym;
    662 		identity_len = data->pseudonym_len;
    663 	} else
    664 		identity = eap_get_config_identity(sm, &identity_len);
    665 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Selected identity for MK "
    666 			  "derivation", identity, identity_len);
    667 	eap_sim_derive_mk(identity, identity_len, data->nonce_mt,
    668 			  data->selected_version, data->ver_list,
    669 			  data->ver_list_len, data->num_chal,
    670 			  (const u8 *) data->kc, data->mk);
    671 	eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk,
    672 			    data->emsk);
    673 	if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, data->nonce_mt,
    674 			       EAP_SIM_NONCE_MT_LEN)) {
    675 		wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message "
    676 			   "used invalid AT_MAC");
    677 		return eap_sim_client_error(data, id,
    678 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    679 	}
    680 
    681 	/* Old reauthentication identity must not be used anymore. In
    682 	 * other words, if no new reauth identity is received, full
    683 	 * authentication will be used on next reauthentication (using
    684 	 * pseudonym identity or permanent identity). */
    685 	eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    686 
    687 	if (attr->encr_data) {
    688 		u8 *decrypted;
    689 		decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
    690 					       attr->encr_data_len, attr->iv,
    691 					       &eattr, 0);
    692 		if (decrypted == NULL) {
    693 			return eap_sim_client_error(
    694 				data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    695 		}
    696 		eap_sim_learn_ids(sm, data, &eattr);
    697 		os_free(decrypted);
    698 	}
    699 
    700 	if (data->result_ind && attr->result_ind)
    701 		data->use_result_ind = 1;
    702 
    703 	if (data->state != FAILURE && data->state != RESULT_FAILURE) {
    704 		eap_sim_state(data, data->use_result_ind ?
    705 			      RESULT_SUCCESS : SUCCESS);
    706 	}
    707 
    708 	data->num_id_req = 0;
    709 	data->num_notification = 0;
    710 	/* RFC 4186 specifies that counter is initialized to one after
    711 	 * fullauth, but initializing it to zero makes it easier to implement
    712 	 * reauth verification. */
    713 	data->counter = 0;
    714 	return eap_sim_response_challenge(data, id);
    715 }
    716 
    717 
    718 static int eap_sim_process_notification_reauth(struct eap_sim_data *data,
    719 					       struct eap_sim_attrs *attr)
    720 {
    721 	struct eap_sim_attrs eattr;
    722 	u8 *decrypted;
    723 
    724 	if (attr->encr_data == NULL || attr->iv == NULL) {
    725 		wpa_printf(MSG_WARNING, "EAP-SIM: Notification message after "
    726 			   "reauth did not include encrypted data");
    727 		return -1;
    728 	}
    729 
    730 	decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
    731 				       attr->encr_data_len, attr->iv, &eattr,
    732 				       0);
    733 	if (decrypted == NULL) {
    734 		wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
    735 			   "data from notification message");
    736 		return -1;
    737 	}
    738 
    739 	if (eattr.counter < 0 || (size_t) eattr.counter != data->counter) {
    740 		wpa_printf(MSG_WARNING, "EAP-SIM: Counter in notification "
    741 			   "message does not match with counter in reauth "
    742 			   "message");
    743 		os_free(decrypted);
    744 		return -1;
    745 	}
    746 
    747 	os_free(decrypted);
    748 	return 0;
    749 }
    750 
    751 
    752 static int eap_sim_process_notification_auth(struct eap_sim_data *data,
    753 					     const struct wpabuf *reqData,
    754 					     struct eap_sim_attrs *attr)
    755 {
    756 	if (attr->mac == NULL) {
    757 		wpa_printf(MSG_INFO, "EAP-SIM: no AT_MAC in after_auth "
    758 			   "Notification message");
    759 		return -1;
    760 	}
    761 
    762 	if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
    763 	{
    764 		wpa_printf(MSG_WARNING, "EAP-SIM: Notification message "
    765 			   "used invalid AT_MAC");
    766 		return -1;
    767 	}
    768 
    769 	if (data->reauth &&
    770 	    eap_sim_process_notification_reauth(data, attr)) {
    771 		wpa_printf(MSG_WARNING, "EAP-SIM: Invalid notification "
    772 			   "message after reauth");
    773 		return -1;
    774 	}
    775 
    776 	return 0;
    777 }
    778 
    779 
    780 static struct wpabuf * eap_sim_process_notification(
    781 	struct eap_sm *sm, struct eap_sim_data *data, u8 id,
    782 	const struct wpabuf *reqData, struct eap_sim_attrs *attr)
    783 {
    784 	wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Notification");
    785 	if (data->num_notification > 0) {
    786 		wpa_printf(MSG_INFO, "EAP-SIM: too many notification "
    787 			   "rounds (only one allowed)");
    788 		return eap_sim_client_error(data, id,
    789 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    790 	}
    791 	data->num_notification++;
    792 	if (attr->notification == -1) {
    793 		wpa_printf(MSG_INFO, "EAP-SIM: no AT_NOTIFICATION in "
    794 			   "Notification message");
    795 		return eap_sim_client_error(data, id,
    796 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    797 	}
    798 
    799 	if ((attr->notification & 0x4000) == 0 &&
    800 	    eap_sim_process_notification_auth(data, reqData, attr)) {
    801 		return eap_sim_client_error(data, id,
    802 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    803 	}
    804 
    805 	eap_sim_report_notification(sm->msg_ctx, attr->notification, 0);
    806 	if (attr->notification >= 0 && attr->notification < 32768) {
    807 		eap_sim_state(data, FAILURE);
    808 	} else if (attr->notification == EAP_SIM_SUCCESS &&
    809 		   data->state == RESULT_SUCCESS)
    810 		eap_sim_state(data, SUCCESS);
    811 	return eap_sim_response_notification(data, id, attr->notification);
    812 }
    813 
    814 
    815 static struct wpabuf * eap_sim_process_reauthentication(
    816 	struct eap_sm *sm, struct eap_sim_data *data, u8 id,
    817 	const struct wpabuf *reqData, struct eap_sim_attrs *attr)
    818 {
    819 	struct eap_sim_attrs eattr;
    820 	u8 *decrypted;
    821 
    822 	wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Reauthentication");
    823 
    824 	if (data->reauth_id == NULL) {
    825 		wpa_printf(MSG_WARNING, "EAP-SIM: Server is trying "
    826 			   "reauthentication, but no reauth_id available");
    827 		return eap_sim_client_error(data, id,
    828 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    829 	}
    830 
    831 	data->reauth = 1;
    832 	if (eap_sim_verify_mac(data->k_aut, reqData, attr->mac, (u8 *) "", 0))
    833 	{
    834 		wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
    835 			   "did not have valid AT_MAC");
    836 		return eap_sim_client_error(data, id,
    837 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    838 	}
    839 
    840 	if (attr->encr_data == NULL || attr->iv == NULL) {
    841 		wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication "
    842 			   "message did not include encrypted data");
    843 		return eap_sim_client_error(data, id,
    844 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    845 	}
    846 
    847 	decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data,
    848 				       attr->encr_data_len, attr->iv, &eattr,
    849 				       0);
    850 	if (decrypted == NULL) {
    851 		wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted "
    852 			   "data from reauthentication message");
    853 		return eap_sim_client_error(data, id,
    854 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    855 	}
    856 
    857 	if (eattr.nonce_s == NULL || eattr.counter < 0) {
    858 		wpa_printf(MSG_INFO, "EAP-SIM: (encr) No%s%s in reauth packet",
    859 			   !eattr.nonce_s ? " AT_NONCE_S" : "",
    860 			   eattr.counter < 0 ? " AT_COUNTER" : "");
    861 		os_free(decrypted);
    862 		return eap_sim_client_error(data, id,
    863 					    EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    864 	}
    865 
    866 	if (eattr.counter < 0 || (size_t) eattr.counter <= data->counter) {
    867 		wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid counter "
    868 			   "(%d <= %d)", eattr.counter, data->counter);
    869 		data->counter_too_small = eattr.counter;
    870 		/* Reply using Re-auth w/ AT_COUNTER_TOO_SMALL. The current
    871 		 * reauth_id must not be used to start a new reauthentication.
    872 		 * However, since it was used in the last EAP-Response-Identity
    873 		 * packet, it has to saved for the following fullauth to be
    874 		 * used in MK derivation. */
    875 		os_free(data->last_eap_identity);
    876 		data->last_eap_identity = data->reauth_id;
    877 		data->last_eap_identity_len = data->reauth_id_len;
    878 		data->reauth_id = NULL;
    879 		data->reauth_id_len = 0;
    880 		os_free(decrypted);
    881 		return eap_sim_response_reauth(data, id, 1, eattr.nonce_s);
    882 	}
    883 	data->counter = eattr.counter;
    884 
    885 	os_memcpy(data->nonce_s, eattr.nonce_s, EAP_SIM_NONCE_S_LEN);
    886 	wpa_hexdump(MSG_DEBUG, "EAP-SIM: (encr) AT_NONCE_S",
    887 		    data->nonce_s, EAP_SIM_NONCE_S_LEN);
    888 
    889 	eap_sim_derive_keys_reauth(data->counter,
    890 				   data->reauth_id, data->reauth_id_len,
    891 				   data->nonce_s, data->mk, data->msk,
    892 				   data->emsk);
    893 	eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    894 	eap_sim_learn_ids(sm, data, &eattr);
    895 
    896 	if (data->result_ind && attr->result_ind)
    897 		data->use_result_ind = 1;
    898 
    899 	if (data->state != FAILURE && data->state != RESULT_FAILURE) {
    900 		eap_sim_state(data, data->use_result_ind ?
    901 			      RESULT_SUCCESS : SUCCESS);
    902 	}
    903 
    904 	data->num_id_req = 0;
    905 	data->num_notification = 0;
    906 	if (data->counter > EAP_SIM_MAX_FAST_REAUTHS) {
    907 		wpa_printf(MSG_DEBUG, "EAP-SIM: Maximum number of "
    908 			   "fast reauths performed - force fullauth");
    909 		eap_sim_clear_identities(sm, data,
    910 					 CLEAR_REAUTH_ID | CLEAR_EAP_ID);
    911 	}
    912 	os_free(decrypted);
    913 	return eap_sim_response_reauth(data, id, 0, data->nonce_s);
    914 }
    915 
    916 
    917 static struct wpabuf * eap_sim_process(struct eap_sm *sm, void *priv,
    918 				       struct eap_method_ret *ret,
    919 				       const struct wpabuf *reqData)
    920 {
    921 	struct eap_sim_data *data = priv;
    922 	const struct eap_hdr *req;
    923 	u8 subtype, id;
    924 	struct wpabuf *res;
    925 	const u8 *pos;
    926 	struct eap_sim_attrs attr;
    927 	size_t len;
    928 
    929 	wpa_hexdump_buf(MSG_DEBUG, "EAP-SIM: EAP data", reqData);
    930 	if (eap_get_config_identity(sm, &len) == NULL) {
    931 		wpa_printf(MSG_INFO, "EAP-SIM: Identity not configured");
    932 		eap_sm_request_identity(sm);
    933 		ret->ignore = TRUE;
    934 		return NULL;
    935 	}
    936 
    937 	pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, reqData, &len);
    938 	if (pos == NULL || len < 1) {
    939 		ret->ignore = TRUE;
    940 		return NULL;
    941 	}
    942 	req = wpabuf_head(reqData);
    943 	id = req->identifier;
    944 	len = be_to_host16(req->length);
    945 
    946 	ret->ignore = FALSE;
    947 	ret->methodState = METHOD_MAY_CONT;
    948 	ret->decision = DECISION_FAIL;
    949 	ret->allowNotifications = TRUE;
    950 
    951 	subtype = *pos++;
    952 	wpa_printf(MSG_DEBUG, "EAP-SIM: Subtype=%d", subtype);
    953 	pos += 2; /* Reserved */
    954 
    955 	if (eap_sim_parse_attr(pos, wpabuf_head_u8(reqData) + len, &attr, 0,
    956 			       0)) {
    957 		res = eap_sim_client_error(data, id,
    958 					   EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    959 		goto done;
    960 	}
    961 
    962 	switch (subtype) {
    963 	case EAP_SIM_SUBTYPE_START:
    964 		res = eap_sim_process_start(sm, data, id, &attr);
    965 		break;
    966 	case EAP_SIM_SUBTYPE_CHALLENGE:
    967 		res = eap_sim_process_challenge(sm, data, id, reqData, &attr);
    968 		break;
    969 	case EAP_SIM_SUBTYPE_NOTIFICATION:
    970 		res = eap_sim_process_notification(sm, data, id, reqData,
    971 						   &attr);
    972 		break;
    973 	case EAP_SIM_SUBTYPE_REAUTHENTICATION:
    974 		res = eap_sim_process_reauthentication(sm, data, id, reqData,
    975 						       &attr);
    976 		break;
    977 	case EAP_SIM_SUBTYPE_CLIENT_ERROR:
    978 		wpa_printf(MSG_DEBUG, "EAP-SIM: subtype Client-Error");
    979 		res = eap_sim_client_error(data, id,
    980 					   EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    981 		break;
    982 	default:
    983 		wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown subtype=%d", subtype);
    984 		res = eap_sim_client_error(data, id,
    985 					   EAP_SIM_UNABLE_TO_PROCESS_PACKET);
    986 		break;
    987 	}
    988 
    989 done:
    990 	if (data->state == FAILURE) {
    991 		ret->decision = DECISION_FAIL;
    992 		ret->methodState = METHOD_DONE;
    993 	} else if (data->state == SUCCESS) {
    994 		ret->decision = data->use_result_ind ?
    995 			DECISION_UNCOND_SUCC : DECISION_COND_SUCC;
    996 		ret->methodState = data->use_result_ind ?
    997 			METHOD_DONE : METHOD_MAY_CONT;
    998 	} else if (data->state == RESULT_FAILURE)
    999 		ret->methodState = METHOD_CONT;
   1000 	else if (data->state == RESULT_SUCCESS)
   1001 		ret->methodState = METHOD_CONT;
   1002 
   1003 	if (ret->methodState == METHOD_DONE) {
   1004 		ret->allowNotifications = FALSE;
   1005 	}
   1006 
   1007 	return res;
   1008 }
   1009 
   1010 
   1011 static Boolean eap_sim_has_reauth_data(struct eap_sm *sm, void *priv)
   1012 {
   1013 	struct eap_sim_data *data = priv;
   1014 	return data->pseudonym || data->reauth_id;
   1015 }
   1016 
   1017 
   1018 static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
   1019 {
   1020 	struct eap_sim_data *data = priv;
   1021 	eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
   1022 	data->use_result_ind = 0;
   1023 }
   1024 
   1025 
   1026 static void * eap_sim_init_for_reauth(struct eap_sm *sm, void *priv)
   1027 {
   1028 	struct eap_sim_data *data = priv;
   1029 	if (random_get_bytes(data->nonce_mt, EAP_SIM_NONCE_MT_LEN)) {
   1030 		wpa_printf(MSG_WARNING, "EAP-SIM: Failed to get random data "
   1031 			   "for NONCE_MT");
   1032 		os_free(data);
   1033 		return NULL;
   1034 	}
   1035 	data->num_id_req = 0;
   1036 	data->num_notification = 0;
   1037 	eap_sim_state(data, CONTINUE);
   1038 	return priv;
   1039 }
   1040 
   1041 
   1042 static const u8 * eap_sim_get_identity(struct eap_sm *sm, void *priv,
   1043 				       size_t *len)
   1044 {
   1045 	struct eap_sim_data *data = priv;
   1046 
   1047 	if (data->reauth_id) {
   1048 		*len = data->reauth_id_len;
   1049 		return data->reauth_id;
   1050 	}
   1051 
   1052 	if (data->pseudonym) {
   1053 		*len = data->pseudonym_len;
   1054 		return data->pseudonym;
   1055 	}
   1056 
   1057 	return NULL;
   1058 }
   1059 
   1060 
   1061 static Boolean eap_sim_isKeyAvailable(struct eap_sm *sm, void *priv)
   1062 {
   1063 	struct eap_sim_data *data = priv;
   1064 	return data->state == SUCCESS;
   1065 }
   1066 
   1067 
   1068 static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len)
   1069 {
   1070 	struct eap_sim_data *data = priv;
   1071 	u8 *key;
   1072 
   1073 	if (data->state != SUCCESS)
   1074 		return NULL;
   1075 
   1076 	key = os_malloc(EAP_SIM_KEYING_DATA_LEN);
   1077 	if (key == NULL)
   1078 		return NULL;
   1079 
   1080 	*len = EAP_SIM_KEYING_DATA_LEN;
   1081 	os_memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN);
   1082 
   1083 	return key;
   1084 }
   1085 
   1086 
   1087 static u8 * eap_sim_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
   1088 {
   1089 	struct eap_sim_data *data = priv;
   1090 	u8 *id;
   1091 
   1092 	if (data->state != SUCCESS)
   1093 		return NULL;
   1094 
   1095 	*len = 1 + data->num_chal * GSM_RAND_LEN + EAP_SIM_NONCE_MT_LEN;
   1096 	id = os_malloc(*len);
   1097 	if (id == NULL)
   1098 		return NULL;
   1099 
   1100 	id[0] = EAP_TYPE_SIM;
   1101 	os_memcpy(id + 1, data->rand, data->num_chal * GSM_RAND_LEN);
   1102 	os_memcpy(id + 1 + data->num_chal * GSM_RAND_LEN, data->nonce_mt,
   1103 		  EAP_SIM_NONCE_MT_LEN);
   1104 	wpa_hexdump(MSG_DEBUG, "EAP-SIM: Derived Session-Id", id, *len);
   1105 
   1106 	return id;
   1107 }
   1108 
   1109 
   1110 static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
   1111 {
   1112 	struct eap_sim_data *data = priv;
   1113 	u8 *key;
   1114 
   1115 	if (data->state != SUCCESS)
   1116 		return NULL;
   1117 
   1118 	key = os_malloc(EAP_EMSK_LEN);
   1119 	if (key == NULL)
   1120 		return NULL;
   1121 
   1122 	*len = EAP_EMSK_LEN;
   1123 	os_memcpy(key, data->emsk, EAP_EMSK_LEN);
   1124 
   1125 	return key;
   1126 }
   1127 
   1128 
   1129 int eap_peer_sim_register(void)
   1130 {
   1131 	struct eap_method *eap;
   1132 	int ret;
   1133 
   1134 	eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
   1135 				    EAP_VENDOR_IETF, EAP_TYPE_SIM, "SIM");
   1136 	if (eap == NULL)
   1137 		return -1;
   1138 
   1139 	eap->init = eap_sim_init;
   1140 	eap->deinit = eap_sim_deinit;
   1141 	eap->process = eap_sim_process;
   1142 	eap->isKeyAvailable = eap_sim_isKeyAvailable;
   1143 	eap->getKey = eap_sim_getKey;
   1144 	eap->getSessionId = eap_sim_get_session_id;
   1145 	eap->has_reauth_data = eap_sim_has_reauth_data;
   1146 	eap->deinit_for_reauth = eap_sim_deinit_for_reauth;
   1147 	eap->init_for_reauth = eap_sim_init_for_reauth;
   1148 	eap->get_identity = eap_sim_get_identity;
   1149 	eap->get_emsk = eap_sim_get_emsk;
   1150 
   1151 	ret = eap_peer_method_register(eap);
   1152 	if (ret)
   1153 		eap_peer_method_free(eap);
   1154 	return ret;
   1155 }
   1156