Ported pseudonym/reauth functionality to EAP-AKA
This commit is contained in:
parent
3374cb0f44
commit
15b65bf15d
|
@ -39,14 +39,34 @@ struct private_eap_aka_peer_t {
|
|||
simaka_crypto_t *crypto;
|
||||
|
||||
/**
|
||||
* ID of the peer
|
||||
* permanent ID of peer
|
||||
*/
|
||||
identification_t *peer;
|
||||
identification_t *permanent;
|
||||
|
||||
/**
|
||||
* Pseudonym identity the peer uses
|
||||
*/
|
||||
identification_t *pseudonym;
|
||||
|
||||
/**
|
||||
* Reauthentication identity the peer uses
|
||||
*/
|
||||
identification_t *reauth;
|
||||
|
||||
/**
|
||||
* MSK
|
||||
*/
|
||||
chunk_t msk;
|
||||
|
||||
/**
|
||||
* Master key, if reauthentication is used
|
||||
*/
|
||||
char mk[HASH_SIZE_SHA1];
|
||||
|
||||
/**
|
||||
* Counter value if reauthentication is used
|
||||
*/
|
||||
u_int16_t counter;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -72,6 +92,85 @@ static eap_payload_t* create_client_error(private_eap_aka_peer_t *this,
|
|||
return out;
|
||||
}
|
||||
|
||||
/**
|
||||
* process an EAP-AKA/Request/Identity message
|
||||
*/
|
||||
static status_t process_identity(private_eap_aka_peer_t *this,
|
||||
simaka_message_t *in, eap_payload_t **out)
|
||||
{
|
||||
simaka_message_t *message;
|
||||
enumerator_t *enumerator;
|
||||
simaka_attribute_t type;
|
||||
chunk_t data, id = chunk_empty;
|
||||
simaka_attribute_t id_req = 0;
|
||||
|
||||
/* reset previously uses reauthentication/pseudonym data */
|
||||
this->crypto->clear_keys(this->crypto);
|
||||
DESTROY_IF(this->pseudonym);
|
||||
this->pseudonym = NULL;
|
||||
DESTROY_IF(this->reauth);
|
||||
this->reauth = NULL;
|
||||
|
||||
enumerator = in->create_attribute_enumerator(in);
|
||||
while (enumerator->enumerate(enumerator, &type, &data))
|
||||
{
|
||||
switch (type)
|
||||
{
|
||||
case AT_ANY_ID_REQ:
|
||||
case AT_FULLAUTH_ID_REQ:
|
||||
case AT_PERMANENT_ID_REQ:
|
||||
id_req = type;
|
||||
break;
|
||||
default:
|
||||
if (!simaka_attribute_skippable(type))
|
||||
{
|
||||
*out = create_client_error(this, in->get_identifier(in));
|
||||
enumerator->destroy(enumerator);
|
||||
return NEED_MORE;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
switch (id_req)
|
||||
{
|
||||
case AT_ANY_ID_REQ:
|
||||
this->reauth = charon->sim->card_get_reauth(charon->sim,
|
||||
this->permanent, this->mk, &this->counter);
|
||||
if (this->reauth)
|
||||
{
|
||||
id = this->reauth->get_encoding(this->reauth);
|
||||
break;
|
||||
}
|
||||
/* FALL */
|
||||
case AT_FULLAUTH_ID_REQ:
|
||||
this->pseudonym = charon->sim->card_get_pseudonym(charon->sim,
|
||||
this->permanent);
|
||||
if (this->pseudonym)
|
||||
{
|
||||
id = this->pseudonym->get_encoding(this->pseudonym);
|
||||
break;
|
||||
}
|
||||
/* FALL */
|
||||
case AT_PERMANENT_ID_REQ:
|
||||
id = this->permanent->get_encoding(this->permanent);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
|
||||
AKA_IDENTITY, this->crypto);
|
||||
if (id.len)
|
||||
{
|
||||
message->add_attribute(message, AT_IDENTITY, id);
|
||||
}
|
||||
*out = message->generate(message, chunk_empty);
|
||||
message->destroy(message);
|
||||
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Process an EAP-AKA/Request/Challenge message
|
||||
*/
|
||||
|
@ -83,7 +182,8 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
|
|||
simaka_attribute_t type;
|
||||
chunk_t data, rand = chunk_empty, autn = chunk_empty, mk;
|
||||
u_char res[AKA_RES_LEN], ck[AKA_CK_LEN], ik[AKA_IK_LEN], auts[AKA_AUTS_LEN];
|
||||
status_t status = NOT_FOUND;
|
||||
identification_t *id;
|
||||
status_t status;
|
||||
|
||||
enumerator = in->create_attribute_enumerator(in);
|
||||
while (enumerator->enumerate(enumerator, &type, &data))
|
||||
|
@ -115,10 +215,10 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
|
|||
return NEED_MORE;
|
||||
}
|
||||
|
||||
status = charon->sim->card_get_quintuplet(charon->sim, this->peer,
|
||||
status = charon->sim->card_get_quintuplet(charon->sim, this->permanent,
|
||||
rand.ptr, autn.ptr, ck, ik, res);
|
||||
if (status == INVALID_STATE &&
|
||||
charon->sim->card_resync(charon->sim, this->peer, rand.ptr, auts))
|
||||
charon->sim->card_resync(charon->sim, this->permanent, rand.ptr, auts))
|
||||
{
|
||||
DBG1(DBG_IKE, "received SQN invalid, sending %N",
|
||||
simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE);
|
||||
|
@ -133,7 +233,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
|
|||
if (status != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_IKE, "no USIM found with quintuplets for '%Y', sending %N",
|
||||
this->peer, simaka_subtype_names, AKA_AUTHENTICATION_REJECT);
|
||||
this->permanent, simaka_subtype_names, AKA_AUTHENTICATION_REJECT);
|
||||
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
|
||||
AKA_AUTHENTICATION_REJECT, this->crypto);
|
||||
*out = message->generate(message, chunk_empty);
|
||||
|
@ -141,21 +241,49 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
|
|||
return NEED_MORE;
|
||||
}
|
||||
|
||||
id = this->permanent;
|
||||
if (this->pseudonym)
|
||||
{
|
||||
id = this->pseudonym;
|
||||
}
|
||||
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
|
||||
chunk_create(ck, AKA_CK_LEN));
|
||||
free(this->msk.ptr);
|
||||
this->msk = this->crypto->derive_keys_full(this->crypto, this->peer,
|
||||
data, &mk);
|
||||
this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
|
||||
memcpy(this->mk, mk.ptr, mk.len);
|
||||
free(mk.ptr);
|
||||
|
||||
/* verify EAP message MAC AT_MAC */
|
||||
if (!in->verify(in, chunk_empty))
|
||||
/* Verify AT_MAC attribute and parse() again after key derivation,
|
||||
* reading encrypted attributes */
|
||||
if (!in->verify(in, chunk_empty) || !in->parse(in))
|
||||
{
|
||||
DBG1(DBG_IKE, "AT_MAC verification failed ");
|
||||
*out = create_client_error(this, in->get_identifier(in));
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
enumerator = in->create_attribute_enumerator(in);
|
||||
while (enumerator->enumerate(enumerator, &type, &data))
|
||||
{
|
||||
switch (type)
|
||||
{
|
||||
case AT_NEXT_REAUTH_ID:
|
||||
this->counter = 0;
|
||||
id = identification_create_from_data(data);
|
||||
charon->sim->card_set_reauth(charon->sim, this->permanent, id,
|
||||
this->mk, this->counter);
|
||||
id->destroy(id);
|
||||
break;
|
||||
case AT_NEXT_PSEUDONYM:
|
||||
id = identification_create_from_data(data);
|
||||
charon->sim->card_set_pseudonym(charon->sim, this->permanent, id);
|
||||
id->destroy(id);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
|
||||
AKA_CHALLENGE, this->crypto);
|
||||
message->add_attribute(message, AT_RES, chunk_create(res, AKA_RES_LEN));
|
||||
|
@ -165,27 +293,59 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
|
|||
}
|
||||
|
||||
/**
|
||||
* Process an EAP-AKA/Request/Identity message
|
||||
* Check if a received counter value is acceptable
|
||||
*/
|
||||
static status_t process_identity(private_eap_aka_peer_t *this,
|
||||
simaka_message_t *in, eap_payload_t **out)
|
||||
static bool counter_too_small(private_eap_aka_peer_t *this, chunk_t chunk)
|
||||
{
|
||||
u_int16_t counter;
|
||||
|
||||
memcpy(&counter, chunk.ptr, sizeof(counter));
|
||||
counter = htons(counter);
|
||||
return counter < this->counter;
|
||||
}
|
||||
|
||||
/**
|
||||
* process an EAP-AKA/Request/Reauthentication message
|
||||
*/
|
||||
static status_t process_reauthentication(private_eap_aka_peer_t *this,
|
||||
simaka_message_t *in, eap_payload_t **out)
|
||||
{
|
||||
simaka_message_t *message;
|
||||
enumerator_t *enumerator;
|
||||
simaka_attribute_t type;
|
||||
chunk_t data;
|
||||
chunk_t data, counter = chunk_empty, nonce = chunk_empty, id = chunk_empty;
|
||||
|
||||
if (!this->reauth)
|
||||
{
|
||||
DBG1(DBG_IKE, "received %N, but not expected",
|
||||
simaka_subtype_names, AKA_REAUTHENTICATION);
|
||||
*out = create_client_error(this, in->get_identifier(in));
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
this->crypto->derive_keys_reauth(this->crypto,
|
||||
chunk_create(this->mk, HASH_SIZE_SHA1));
|
||||
|
||||
/* parse again with decryption key */
|
||||
if (!in->parse(in))
|
||||
{
|
||||
*out = create_client_error(this, in->get_identifier(in));
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
enumerator = in->create_attribute_enumerator(in);
|
||||
while (enumerator->enumerate(enumerator, &type, &data))
|
||||
{
|
||||
switch (type)
|
||||
{
|
||||
case AT_PERMANENT_ID_REQ:
|
||||
case AT_FULLAUTH_ID_REQ:
|
||||
case AT_ANY_ID_REQ:
|
||||
DBG1(DBG_IKE, "server requested %N, sending '%Y'",
|
||||
simaka_attribute_names, type, this->peer);
|
||||
/* we reply with our permanent identity in any case */
|
||||
case AT_COUNTER:
|
||||
counter = data;
|
||||
break;
|
||||
case AT_NONCE_S:
|
||||
nonce = data;
|
||||
break;
|
||||
case AT_NEXT_REAUTH_ID:
|
||||
id = data;
|
||||
break;
|
||||
default:
|
||||
if (!simaka_attribute_skippable(type))
|
||||
|
@ -199,11 +359,43 @@ static status_t process_identity(private_eap_aka_peer_t *this,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
if (!nonce.len || !counter.len)
|
||||
{
|
||||
DBG1(DBG_IKE, "EAP-AKA/Request/Reauthentication message incomplete");
|
||||
*out = create_client_error(this, in->get_identifier(in));
|
||||
return NEED_MORE;
|
||||
}
|
||||
if (!in->verify(in, nonce))
|
||||
{
|
||||
*out = create_client_error(this, in->get_identifier(in));
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
|
||||
AKA_IDENTITY, this->crypto);
|
||||
message->add_attribute(message, AT_IDENTITY,
|
||||
this->peer->get_encoding(this->peer));
|
||||
*out = message->generate(message, chunk_empty);
|
||||
AKA_REAUTHENTICATION, this->crypto);
|
||||
if (counter_too_small(this, counter))
|
||||
{
|
||||
DBG1(DBG_IKE, "reauthentication counter too small");
|
||||
message->add_attribute(message, AT_COUNTER_TOO_SMALL, chunk_empty);
|
||||
}
|
||||
else
|
||||
{
|
||||
free(this->msk.ptr);
|
||||
this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
|
||||
this->reauth, counter, nonce,
|
||||
chunk_create(this->mk, HASH_SIZE_SHA1));
|
||||
if (id.len)
|
||||
{
|
||||
identification_t *reauth;
|
||||
|
||||
reauth = identification_create_from_data(data);
|
||||
charon->sim->card_set_reauth(charon->sim, this->permanent, reauth,
|
||||
this->mk, this->counter);
|
||||
reauth->destroy(reauth);
|
||||
}
|
||||
}
|
||||
message->add_attribute(message, AT_COUNTER, counter);
|
||||
*out = message->generate(message, nonce);
|
||||
message->destroy(message);
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
@ -295,6 +487,9 @@ static status_t process(private_eap_aka_peer_t *this,
|
|||
case AKA_CHALLENGE:
|
||||
status = process_challenge(this, message, out);
|
||||
break;
|
||||
case AKA_REAUTHENTICATION:
|
||||
status = process_reauthentication(this, message, out);
|
||||
break;
|
||||
case AKA_NOTIFICATION:
|
||||
status = process_notification(this, message, out);
|
||||
break;
|
||||
|
@ -354,7 +549,9 @@ static bool is_mutual(private_eap_aka_peer_t *this)
|
|||
static void destroy(private_eap_aka_peer_t *this)
|
||||
{
|
||||
this->crypto->destroy(this->crypto);
|
||||
this->peer->destroy(this->peer);
|
||||
this->permanent->destroy(this->permanent);
|
||||
DESTROY_IF(this->pseudonym);
|
||||
DESTROY_IF(this->reauth);
|
||||
free(this->msk.ptr);
|
||||
free(this);
|
||||
}
|
||||
|
@ -380,7 +577,9 @@ eap_aka_peer_t *eap_aka_peer_create(identification_t *server,
|
|||
free(this);
|
||||
return NULL;
|
||||
}
|
||||
this->peer = peer->clone(peer);
|
||||
this->permanent = peer->clone(peer);
|
||||
this->pseudonym = NULL;
|
||||
this->reauth = NULL;
|
||||
this->msk = chunk_empty;
|
||||
|
||||
return &this->public;
|
||||
|
|
|
@ -21,6 +21,9 @@
|
|||
#include <simaka_message.h>
|
||||
#include <simaka_crypto.h>
|
||||
|
||||
/** length of the AT_NONCE_S value */
|
||||
#define NONCE_LEN 16
|
||||
|
||||
typedef struct private_eap_aka_server_t private_eap_aka_server_t;
|
||||
|
||||
/**
|
||||
|
@ -39,20 +42,25 @@ struct private_eap_aka_server_t {
|
|||
simaka_crypto_t *crypto;
|
||||
|
||||
/**
|
||||
* ID of the peer
|
||||
* permanent ID of the peer
|
||||
*/
|
||||
identification_t *peer;
|
||||
identification_t *permanent;
|
||||
|
||||
/**
|
||||
* pseudonym ID of peer
|
||||
*/
|
||||
identification_t *pseudonym;
|
||||
|
||||
/**
|
||||
* reauthentication ID of peer
|
||||
*/
|
||||
identification_t *reauth;
|
||||
|
||||
/**
|
||||
* EAP identifier value
|
||||
*/
|
||||
u_int8_t identifier;
|
||||
|
||||
/**
|
||||
* MSK
|
||||
*/
|
||||
chunk_t msk;
|
||||
|
||||
/**
|
||||
* Expected Result XRES
|
||||
*/
|
||||
|
@ -63,6 +71,36 @@ struct private_eap_aka_server_t {
|
|||
*/
|
||||
chunk_t rand;
|
||||
|
||||
/**
|
||||
* MSK
|
||||
*/
|
||||
chunk_t msk;
|
||||
|
||||
/**
|
||||
* Nonce value used in AT_NONCE_S
|
||||
*/
|
||||
chunk_t nonce;
|
||||
|
||||
/**
|
||||
* Counter value negotiated, network order
|
||||
*/
|
||||
chunk_t counter;
|
||||
|
||||
/**
|
||||
* Do we request fast reauthentication?
|
||||
*/
|
||||
bool use_reauth;
|
||||
|
||||
/**
|
||||
* Do we request pseudonym identities?
|
||||
*/
|
||||
bool use_pseudonym;
|
||||
|
||||
/**
|
||||
* Do we request permanent identities?
|
||||
*/
|
||||
bool use_permanent;
|
||||
|
||||
/**
|
||||
* EAP-AKA message we have initiated
|
||||
*/
|
||||
|
@ -75,42 +113,68 @@ struct private_eap_aka_server_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* Check if an unknown attribute is skippable
|
||||
* Create EAP-AKA/Request/Identity message
|
||||
*/
|
||||
static bool attribute_skippable(simaka_attribute_t attribute)
|
||||
static status_t identity(private_eap_aka_server_t *this, eap_payload_t **out)
|
||||
{
|
||||
if (attribute >= 0 && attribute <= 127)
|
||||
simaka_message_t *message;
|
||||
|
||||
message = simaka_message_create(TRUE, this->identifier++, EAP_AKA,
|
||||
AKA_IDENTITY, this->crypto);
|
||||
if (this->use_reauth)
|
||||
{
|
||||
DBG1(DBG_IKE, "ignoring skippable attribute %N",
|
||||
simaka_attribute_names, attribute);
|
||||
return TRUE;
|
||||
message->add_attribute(message, AT_ANY_ID_REQ, chunk_empty);
|
||||
}
|
||||
return FALSE;
|
||||
else if (this->use_pseudonym)
|
||||
{
|
||||
message->add_attribute(message, AT_FULLAUTH_ID_REQ, chunk_empty);
|
||||
}
|
||||
else if (this->use_permanent)
|
||||
{
|
||||
message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty);
|
||||
}
|
||||
*out = message->generate(message, chunk_empty);
|
||||
message->destroy(message);
|
||||
|
||||
this->pending = AKA_IDENTITY;
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of eap_method_t.initiate
|
||||
* Create EAP-AKA/Request/Challenge message
|
||||
*/
|
||||
static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out)
|
||||
static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
|
||||
{
|
||||
simaka_message_t *message;
|
||||
char rand[AKA_RAND_LEN], xres[AKA_RES_LEN];
|
||||
char ck[AKA_CK_LEN], ik[AKA_IK_LEN], autn[AKA_AUTN_LEN];
|
||||
chunk_t data, mk;
|
||||
identification_t *id;
|
||||
|
||||
if (!charon->sim->provider_get_quintuplet(charon->sim, this->peer,
|
||||
if (!charon->sim->provider_get_quintuplet(charon->sim, this->permanent,
|
||||
rand, xres, ck, ik, autn))
|
||||
{
|
||||
DBG1(DBG_IKE, "no AKA provider found with quintuplets for '%Y'",
|
||||
this->peer);
|
||||
if (this->use_pseudonym)
|
||||
{
|
||||
/* probably received a pseudonym/reauth id we couldn't map */
|
||||
DBG1(DBG_IKE, "failed to map pseudonym/reauth identity '%Y', "
|
||||
"fallback to permanent identity request", this->permanent);
|
||||
this->use_pseudonym = FALSE;
|
||||
DESTROY_IF(this->pseudonym);
|
||||
this->pseudonym = NULL;
|
||||
return identity(this, out);
|
||||
}
|
||||
return FAILED;
|
||||
}
|
||||
id = this->permanent;
|
||||
if (this->pseudonym)
|
||||
{
|
||||
id = this->pseudonym;
|
||||
}
|
||||
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
|
||||
chunk_create(ck, AKA_CK_LEN));
|
||||
free(this->msk.ptr);
|
||||
this->msk = this->crypto->derive_keys_full(this->crypto, this->peer,
|
||||
data, &mk);
|
||||
free(mk.ptr);
|
||||
this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
|
||||
this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN));
|
||||
this->xres = chunk_clone(chunk_create(xres, AKA_RES_LEN));
|
||||
|
||||
|
@ -118,13 +182,178 @@ static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out)
|
|||
AKA_CHALLENGE, this->crypto);
|
||||
message->add_attribute(message, AT_RAND, this->rand);
|
||||
message->add_attribute(message, AT_AUTN, chunk_create(autn, AKA_AUTN_LEN));
|
||||
id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr);
|
||||
if (id)
|
||||
{
|
||||
message->add_attribute(message, AT_NEXT_REAUTH_ID,
|
||||
id->get_encoding(id));
|
||||
id->destroy(id);
|
||||
}
|
||||
else
|
||||
{
|
||||
id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent);
|
||||
if (id)
|
||||
{
|
||||
message->add_attribute(message, AT_NEXT_PSEUDONYM,
|
||||
id->get_encoding(id));
|
||||
id->destroy(id);
|
||||
}
|
||||
}
|
||||
*out = message->generate(message, chunk_empty);
|
||||
message->destroy(message);
|
||||
|
||||
free(mk.ptr);
|
||||
this->pending = AKA_CHALLENGE;
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initiate EAP-AKA/Request/Re-authentication message
|
||||
*/
|
||||
static status_t reauthenticate(private_eap_aka_server_t *this,
|
||||
char mk[HASH_SIZE_SHA1], u_int16_t counter,
|
||||
eap_payload_t **out)
|
||||
{
|
||||
simaka_message_t *message;
|
||||
identification_t *next;
|
||||
chunk_t mkc;
|
||||
rng_t *rng;
|
||||
|
||||
DBG1(DBG_IKE, "initiating EAP-AKA reauthentication");
|
||||
|
||||
rng = this->crypto->get_rng(this->crypto);
|
||||
rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
|
||||
|
||||
mkc = chunk_create(mk, HASH_SIZE_SHA1);
|
||||
counter = htons(counter);
|
||||
this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter)));
|
||||
|
||||
this->crypto->derive_keys_reauth(this->crypto, mkc);
|
||||
this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
|
||||
this->reauth, this->counter, this->nonce, mkc);
|
||||
|
||||
message = simaka_message_create(TRUE, this->identifier++, EAP_AKA,
|
||||
AKA_REAUTHENTICATION, this->crypto);
|
||||
message->add_attribute(message, AT_COUNTER, this->counter);
|
||||
message->add_attribute(message, AT_NONCE_S, this->nonce);
|
||||
next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk);
|
||||
if (next)
|
||||
{
|
||||
message->add_attribute(message, AT_NEXT_REAUTH_ID,
|
||||
next->get_encoding(next));
|
||||
next->destroy(next);
|
||||
}
|
||||
/* create AT_MAC over EAP-Message|NONCE_S */
|
||||
*out = message->generate(message, this->nonce);
|
||||
message->destroy(message);
|
||||
|
||||
this->pending = SIM_REAUTHENTICATION;
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of eap_method_t.initiate
|
||||
*/
|
||||
static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out)
|
||||
{
|
||||
if (this->use_permanent || this->use_pseudonym || this->use_reauth)
|
||||
{
|
||||
return identity(this, out);
|
||||
}
|
||||
return challenge(this, out);
|
||||
}
|
||||
|
||||
/**
|
||||
* Process EAP-AKA/Response/Identity message
|
||||
*/
|
||||
static status_t process_identity(private_eap_aka_server_t *this,
|
||||
simaka_message_t *in, eap_payload_t **out)
|
||||
{
|
||||
identification_t *permanent, *id;
|
||||
enumerator_t *enumerator;
|
||||
simaka_attribute_t type;
|
||||
chunk_t data, identity = chunk_empty;
|
||||
|
||||
if (this->pending != AKA_IDENTITY)
|
||||
{
|
||||
DBG1(DBG_IKE, "received %N, but not expected",
|
||||
simaka_subtype_names, AKA_IDENTITY);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
enumerator = in->create_attribute_enumerator(in);
|
||||
while (enumerator->enumerate(enumerator, &type, &data))
|
||||
{
|
||||
switch (type)
|
||||
{
|
||||
case AT_IDENTITY:
|
||||
identity = data;
|
||||
break;
|
||||
default:
|
||||
if (!simaka_attribute_skippable(type))
|
||||
{
|
||||
enumerator->destroy(enumerator);
|
||||
return FAILED;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
if (!identity.len)
|
||||
{
|
||||
DBG1(DBG_IKE, "received incomplete Identity response");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
id = identification_create_from_data(identity);
|
||||
if (this->use_reauth)
|
||||
{
|
||||
char mk[HASH_SIZE_SHA1];
|
||||
u_int16_t counter;
|
||||
|
||||
permanent = charon->sim->provider_is_reauth(charon->sim, id,
|
||||
mk, &counter);
|
||||
if (permanent)
|
||||
{
|
||||
this->permanent->destroy(this->permanent);
|
||||
this->permanent = permanent;
|
||||
this->reauth = id;
|
||||
return reauthenticate(this, mk, counter, out);
|
||||
}
|
||||
/* unable to map, maybe a pseudonym? */
|
||||
DBG1(DBG_IKE, "%Y is not a reauth identity", id);
|
||||
this->use_reauth = FALSE;
|
||||
}
|
||||
if (this->use_pseudonym)
|
||||
{
|
||||
permanent = charon->sim->provider_is_pseudonym(charon->sim, id);
|
||||
if (permanent)
|
||||
{
|
||||
this->permanent->destroy(this->permanent);
|
||||
this->permanent = permanent;
|
||||
this->pseudonym = id->clone(id);
|
||||
/* we already have a new permanent identity now */
|
||||
this->use_permanent = FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_IKE, "%Y is not a pseudonym", id);
|
||||
}
|
||||
}
|
||||
if (!this->pseudonym && this->use_permanent)
|
||||
{
|
||||
/* got a permanent identity or a pseudonym reauth id wou couldn't map,
|
||||
* try to get quintuplets */
|
||||
DBG1(DBG_IKE, "received identity '%Y'", id);
|
||||
this->permanent->destroy(this->permanent);
|
||||
this->permanent = id->clone(id);
|
||||
}
|
||||
id->destroy(id);
|
||||
|
||||
return challenge(this, out);
|
||||
}
|
||||
|
||||
/**
|
||||
* Process EAP-AKA/Response/Challenge message
|
||||
*/
|
||||
|
@ -150,11 +379,9 @@ static status_t process_challenge(private_eap_aka_server_t *this,
|
|||
res = data;
|
||||
break;
|
||||
default:
|
||||
if (!attribute_skippable(type))
|
||||
if (!simaka_attribute_skippable(type))
|
||||
{
|
||||
enumerator->destroy(enumerator);
|
||||
DBG1(DBG_IKE, "found non skippable attribute %N",
|
||||
simaka_attribute_names, type);
|
||||
return FAILED;
|
||||
}
|
||||
break;
|
||||
|
@ -177,6 +404,67 @@ static status_t process_challenge(private_eap_aka_server_t *this,
|
|||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* process an EAP-AKA/Response/Reauthentication message
|
||||
*/
|
||||
static status_t process_reauthentication(private_eap_aka_server_t *this,
|
||||
simaka_message_t *in, eap_payload_t **out)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
simaka_attribute_t type;
|
||||
chunk_t data, counter = chunk_empty;
|
||||
bool too_small = FALSE;
|
||||
|
||||
if (this->pending != AKA_REAUTHENTICATION)
|
||||
{
|
||||
DBG1(DBG_IKE, "received %N, but not expected",
|
||||
simaka_subtype_names, AKA_REAUTHENTICATION);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
enumerator = in->create_attribute_enumerator(in);
|
||||
while (enumerator->enumerate(enumerator, &type, &data))
|
||||
{
|
||||
switch (type)
|
||||
{
|
||||
case AT_COUNTER:
|
||||
counter = data;
|
||||
break;
|
||||
case AT_COUNTER_TOO_SMALL:
|
||||
too_small = TRUE;
|
||||
break;
|
||||
default:
|
||||
if (!simaka_attribute_skippable(type))
|
||||
{
|
||||
enumerator->destroy(enumerator);
|
||||
return FAILED;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */
|
||||
if (!in->verify(in, this->nonce))
|
||||
{
|
||||
return FAILED;
|
||||
}
|
||||
if (too_small)
|
||||
{
|
||||
DBG1(DBG_IKE, "received %N, initiating full authentication",
|
||||
simaka_attribute_names, AT_COUNTER_TOO_SMALL);
|
||||
this->use_reauth = FALSE;
|
||||
this->crypto->clear_keys(this->crypto);
|
||||
return challenge(this, out);
|
||||
}
|
||||
if (!chunk_equals(counter, this->counter))
|
||||
{
|
||||
DBG1(DBG_IKE, "received counter does not match");
|
||||
return FAILED;
|
||||
}
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Process EAP-AKA/Response/SynchronizationFailure message
|
||||
*/
|
||||
|
@ -205,11 +493,9 @@ static status_t process_synchronize(private_eap_aka_server_t *this,
|
|||
auts = data;
|
||||
break;
|
||||
default:
|
||||
if (!attribute_skippable(type))
|
||||
if (!simaka_attribute_skippable(type))
|
||||
{
|
||||
enumerator->destroy(enumerator);
|
||||
DBG1(DBG_IKE, "found non skippable attribute %N",
|
||||
simaka_attribute_names, type);
|
||||
return FAILED;
|
||||
}
|
||||
break;
|
||||
|
@ -223,15 +509,15 @@ static status_t process_synchronize(private_eap_aka_server_t *this,
|
|||
return FAILED;
|
||||
}
|
||||
|
||||
if (!charon->sim->provider_resync(charon->sim, this->peer,
|
||||
if (!charon->sim->provider_resync(charon->sim, this->permanent,
|
||||
this->rand.ptr, auts.ptr))
|
||||
{
|
||||
DBG1(DBG_IKE, "no AKA provider found supporting "
|
||||
"resynchronization for '%Y'", this->peer);
|
||||
"resynchronization for '%Y'", this->permanent);
|
||||
return FAILED;
|
||||
}
|
||||
this->synchronized = TRUE;
|
||||
return initiate(this, out);
|
||||
return challenge(this, out);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -296,9 +582,15 @@ static status_t process(private_eap_aka_server_t *this,
|
|||
}
|
||||
switch (message->get_subtype(message))
|
||||
{
|
||||
case AKA_IDENTITY:
|
||||
status = process_identity(this, message, out);
|
||||
break;
|
||||
case AKA_CHALLENGE:
|
||||
status = process_challenge(this, message);
|
||||
break;
|
||||
case AKA_REAUTHENTICATION:
|
||||
status = process_reauthentication(this, message, out);
|
||||
break;
|
||||
case AKA_SYNCHRONIZATION_FAILURE:
|
||||
status = process_synchronize(this, message, out);
|
||||
break;
|
||||
|
@ -354,10 +646,14 @@ static bool is_mutual(private_eap_aka_server_t *this)
|
|||
static void destroy(private_eap_aka_server_t *this)
|
||||
{
|
||||
this->crypto->destroy(this->crypto);
|
||||
this->peer->destroy(this->peer);
|
||||
free(this->msk.ptr);
|
||||
this->permanent->destroy(this->permanent);
|
||||
DESTROY_IF(this->pseudonym);
|
||||
DESTROY_IF(this->reauth);
|
||||
free(this->xres.ptr);
|
||||
free(this->rand.ptr);
|
||||
free(this->nonce.ptr);
|
||||
free(this->msk.ptr);
|
||||
free(this->counter.ptr);
|
||||
free(this);
|
||||
}
|
||||
|
||||
|
@ -382,12 +678,19 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server,
|
|||
free(this);
|
||||
return NULL;
|
||||
}
|
||||
this->peer = peer->clone(peer);
|
||||
this->msk = chunk_empty;
|
||||
this->permanent = peer->clone(peer);
|
||||
this->pseudonym = NULL;
|
||||
this->reauth = NULL;
|
||||
this->xres = chunk_empty;
|
||||
this->rand = chunk_empty;
|
||||
this->nonce = chunk_empty;
|
||||
this->msk = chunk_empty;
|
||||
this->counter = chunk_empty;
|
||||
this->pending = 0;
|
||||
this->synchronized = FALSE;
|
||||
this->use_reauth = this->use_pseudonym = this->use_permanent =
|
||||
lib->settings->get_bool(lib->settings,
|
||||
"charon.plugins.eap-aka.request_identity", TRUE);
|
||||
/* generate a non-zero identifier */
|
||||
do {
|
||||
this->identifier = random();
|
||||
|
|
|
@ -330,7 +330,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
|
|||
this->counter = 0;
|
||||
id = identification_create_from_data(data);
|
||||
charon->sim->card_set_reauth(charon->sim, this->permanent, id,
|
||||
this->mk, this->counter);
|
||||
this->mk, this->counter);
|
||||
id->destroy(id);
|
||||
break;
|
||||
case AT_NEXT_PSEUDONYM:
|
||||
|
|
|
@ -305,8 +305,6 @@ static status_t process_start(private_eap_sim_server_t *this,
|
|||
mk, &counter);
|
||||
if (permanent)
|
||||
{
|
||||
DBG1(DBG_IKE, "received reauthentication identity '%Y' "
|
||||
"mapping to '%Y'", id, permanent);
|
||||
this->permanent->destroy(this->permanent);
|
||||
this->permanent = permanent;
|
||||
this->reauth = id;
|
||||
|
@ -323,8 +321,6 @@ static status_t process_start(private_eap_sim_server_t *this,
|
|||
permanent = charon->sim->provider_is_pseudonym(charon->sim, id);
|
||||
if (permanent)
|
||||
{
|
||||
DBG1(DBG_IKE, "received pseudonym identity '%Y' "
|
||||
"mapping to '%Y'", id, permanent);
|
||||
this->permanent->destroy(this->permanent);
|
||||
this->permanent = permanent;
|
||||
this->pseudonym = id->clone(id);
|
||||
|
|
|
@ -336,6 +336,8 @@ static identification_t* provider_is_pseudonym(private_sim_manager_t *this,
|
|||
permanent = provider->is_pseudonym(provider, id);
|
||||
if (permanent)
|
||||
{
|
||||
DBG1(DBG_IKE, "received pseudonym identity '%Y' "
|
||||
"mapping to '%Y'", id, permanent);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -384,6 +386,8 @@ static identification_t* provider_is_reauth(private_sim_manager_t *this,
|
|||
permanent = provider->is_reauth(provider, id, mk, counter);
|
||||
if (permanent)
|
||||
{
|
||||
DBG1(DBG_IKE, "received reauthentication identity '%Y' "
|
||||
"mapping to '%Y'", id, permanent);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue