Migrated EAP-SIM to libsimaka, separated server/peer implementations

src/charon/plugins/eap_sim/Makefile.am

@@ -1,13 +1,14 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
+  -I$(top_srcdir)/src/libsimaka
 
-AM_CFLAGS = -rdynamic \
-	-DIPSEC_CONFDIR=\"${sysconfdir}\" \
-	-DSIM_READER_LIB=\"${sim_reader}\"
+AM_CFLAGS = -rdynamic
 
 plugin_LTLIBRARIES = libstrongswan-eap-sim.la
 
-libstrongswan_eap_sim_la_SOURCES = eap_sim.h eap_sim.c \
-  eap_sim_plugin.h eap_sim_plugin.c
+libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \
+  eap_sim_peer.h eap_sim_peer.c \
+  eap_sim_server.h eap_sim_server.c
+libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.a
 libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
 

src/charon/plugins/eap_sim/eap_sim_peer.c

@@ -0,0 +1,524 @@
+/*
+ * Copyright (C) 2007-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_sim_peer.h"
+
+#include <daemon.h>
+
+#include <simaka_message.h>
+
+/* number of tries we do authenticate */
+#define MAX_TRIES 3
+
+/* number of triplets for one authentication */
+#define TRIPLET_COUNT 3
+
+/** length of the AT_NONCE_MT/AT_NONCE_S nonce value */
+#define NONCE_LEN 16
+/** length of the AT_MAC value */
+#define MAC_LEN 16
+/** length of the AT_RAND value */
+#define RAND_LEN 16
+/** length of Kc */
+#define KC_LEN 8
+/** length of SRES */
+#define SRES_LEN 4
+/** length of the k_encr key */
+#define KENCR_LEN 16
+/** length of the k_auth key */
+#define KAUTH_LEN 16
+/** length of the MSK */
+#define MSK_LEN 64
+/** length of the EMSK */
+#define EMSK_LEN 64
+
+typedef struct private_eap_sim_peer_t private_eap_sim_peer_t;
+
+/**
+ * Private data of an eap_sim_peer_t object.
+ */
+struct private_eap_sim_peer_t {
+
+	/**
+	 * Public authenticator_t interface.
+	 */
+	eap_sim_peer_t public;
+
+	/**
+	 * permanent ID of peer
+	 */
+	identification_t *peer;
+
+	/**
+	 * RNG to create nonces, IVs
+	 */
+	rng_t *rng;
+
+	/**
+	 * hashing function
+	 */
+	hasher_t *hasher;
+
+	/**
+	 * prf
+	 */
+	prf_t *prf;
+
+	/**
+	 * MAC function
+	 */
+	signer_t *signer;
+
+	/**
+	 * encryption function
+	 */
+	crypter_t *crypter;
+
+	/**
+	 * how many times we try to authenticate
+	 */
+	int tries;
+
+	/**
+	 * version list received from server
+	 */
+	chunk_t version_list;
+
+	/**
+	 * Nonce value used in AT_NONCE_MT/AT_NONCE_S
+	 */
+	chunk_t nonce;
+
+	/**
+	 * MSK, used for EAP-SIM based IKEv2 authentication
+	 */
+	chunk_t msk;
+};
+
+/* version of SIM protocol we speak */
+static chunk_t version = chunk_from_chars(0x00,0x01);
+/* client error codes used in AT_CLIENT_ERROR_CODE */
+static chunk_t client_error_general = chunk_from_chars(0x00, 0x01);
+static chunk_t client_error_unsupported = chunk_from_chars(0x00, 0x02);
+static chunk_t client_error_insufficient = chunk_from_chars(0x00, 0x03);
+
+/**
+ * Read a triplet from the SIM card
+ */
+static bool get_card_triplet(private_eap_sim_peer_t *this,
+							 char *rand, char *sres, char *kc)
+{
+	enumerator_t *enumerator;
+	sim_card_t *card;
+	bool success = FALSE;
+
+	enumerator = charon->sim->create_card_enumerator(charon->sim);
+	while (enumerator->enumerate(enumerator, &card))
+	{
+		if (card->get_triplet(card, this->peer, rand, sres, kc))
+		{
+			success = TRUE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	if (!success)
+	{
+		DBG1(DBG_IKE, "no SIM card found with triplets for '%Y'", this->peer);
+	}
+	return success;
+}
+
+/**
+ * Derive EAP keys from kc when using full authentication
+ */
+static void derive_keys_full(private_eap_sim_peer_t *this, chunk_t kcs)
+{
+	char mk[HASH_SIZE_SHA1], k_encr[KENCR_LEN], k_auth[KAUTH_LEN];
+	chunk_t tmp;
+	int i;
+
+	/* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
+	tmp = chunk_cata("ccccc", this->peer->get_encoding(this->peer),
+					 kcs, this->nonce, this->version_list, version);
+	this->hasher->get_hash(this->hasher, tmp, mk);
+	DBG3(DBG_IKE, "MK = SHA1(%B\n) = %b", &tmp, mk, HASH_SIZE_SHA1);
+
+	/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf()
+	 * We currently don't need EMSK, so three prf() are sufficient */
+	this->prf->set_key(this->prf, chunk_create(mk, HASH_SIZE_SHA1));
+	tmp = chunk_alloca(this->prf->get_block_size(this->prf) * 3);
+	for (i = 0; i < 3; i++)
+	{
+		this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr + tmp.len / 3 * i);
+	}
+	memcpy(k_encr, tmp.ptr, KENCR_LEN);
+	tmp = chunk_skip(tmp, KENCR_LEN);
+	memcpy(k_auth, tmp.ptr, KAUTH_LEN);
+	tmp = chunk_skip(tmp, KAUTH_LEN);
+	free(this->msk.ptr);
+	this->msk = chunk_alloc(MSK_LEN);
+	memcpy(this->msk.ptr, tmp.ptr, MSK_LEN);
+	DBG3(DBG_IKE, "K_encr %b\nK_auth %b\nMSK %B",
+		 k_encr, KENCR_LEN, k_auth, KAUTH_LEN, &this->msk);
+
+	this->signer->set_key(this->signer, chunk_create(k_auth, KAUTH_LEN));
+	this->crypter->set_key(this->crypter, chunk_create(k_encr, KENCR_LEN));
+}
+
+/**
+ * Send a SIM_CLIENT_ERROR
+ */
+static eap_payload_t* create_client_error(private_eap_sim_peer_t *this,
+										  u_int8_t identifier, chunk_t code)
+{
+	simaka_message_t *message;
+	eap_payload_t *out;
+
+	message = simaka_message_create(FALSE, identifier,
+									EAP_SIM, SIM_CLIENT_ERROR);
+	message->add_attribute(message, AT_CLIENT_ERROR_CODE, code);
+	out = message->generate(message, NULL, NULL, NULL, chunk_empty);
+	message->destroy(message);
+	return out;
+}
+
+/**
+ * process an EAP-SIM/Request/Start message
+ */
+static status_t process_start(private_eap_sim_peer_t *this,
+							  simaka_message_t *in, eap_payload_t **out)
+{
+	simaka_message_t *message;
+	enumerator_t *enumerator;
+	simaka_attribute_t type;
+	chunk_t data;
+	bool supported = FALSE;
+
+	enumerator = in->create_attribute_enumerator(in);
+	while (enumerator->enumerate(enumerator, &type, &data))
+	{
+		switch (type)
+		{
+			case AT_VERSION_LIST:
+			{
+				free(this->version_list.ptr);
+				this->version_list = chunk_clone(data);
+				while (data.len >= version.len)
+				{
+					if (memeq(data.ptr, version.ptr, version.len))
+					{
+						supported = TRUE;
+						break;
+					}
+				}
+				break;
+			}
+			default:
+				DBG1(DBG_IKE, "ignoring EAP-SIM attribute %N",
+					 simaka_attribute_names, type);
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (!supported)
+	{
+		DBG1(DBG_IKE, "server does not support EAP-SIM version number 1");
+		*out = create_client_error(this, in->get_identifier(in),
+								   client_error_unsupported);
+		return NEED_MORE;
+	}
+
+	/* generate AT_NONCE_MT value */
+	free(this->nonce.ptr);
+	this->rng->allocate_bytes(this->rng, NONCE_LEN, &this->nonce);
+
+	message = simaka_message_create(FALSE, in->get_identifier(in),
+									EAP_SIM, SIM_START);
+	message->add_attribute(message, AT_SELECTED_VERSION, version);
+	message->add_attribute(message, AT_NONCE_MT, this->nonce);
+	*out = message->generate(message, NULL, NULL, NULL, chunk_empty);
+	message->destroy(message);
+
+	return NEED_MORE;
+}
+
+/**
+ * process an EAP-SIM/Request/Challenge message
+ */
+static status_t process_challenge(private_eap_sim_peer_t *this,
+								  simaka_message_t *in, eap_payload_t **out)
+{
+	simaka_message_t *message;
+	enumerator_t *enumerator;
+	simaka_attribute_t type;
+	chunk_t data, rands = chunk_empty, kcs, kc, sreses, sres;
+
+	if (this->tries-- <= 0)
+	{
+		/* give up without notification. This hack is required as some buggy
+		 * server implementations won't respect our client-error. */
+		return FAILED;
+	}
+
+	enumerator = in->create_attribute_enumerator(in);
+	while (enumerator->enumerate(enumerator, &type, &data))
+	{
+		switch (type)
+		{
+			case AT_RAND:
+			{
+				rands = data;
+				break;
+			}
+			default:
+				DBG1(DBG_IKE, "ignoring EAP-SIM attribute %N",
+					 simaka_attribute_names, type);
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	/* excepting two or three RAND, each 16 bytes. We require two valid
+	 * and different RANDs */
+	if ((rands.len != 2 * RAND_LEN && rands.len != 3 * RAND_LEN) ||
+		memeq(rands.ptr, rands.ptr + RAND_LEN, RAND_LEN))
+	{
+		DBG1(DBG_IKE, "no valid AT_RAND received");
+		*out = create_client_error(this, in->get_identifier(in),
+								   client_error_insufficient);
+		return NEED_MORE;
+	}
+	/* get two or three KCs/SRESes from SIM using RANDs */
+	kcs = kc = chunk_alloca(rands.len / 2);
+	sreses = sres = chunk_alloca(rands.len / 4);
+	while (rands.len >= RAND_LEN)
+	{
+		if (!get_card_triplet(this, rands.ptr, sres.ptr, kc.ptr))
+		{
+			DBG1(DBG_IKE, "unable to get EAP-SIM triplet");
+			*out = create_client_error(this, in->get_identifier(in),
+									   client_error_general);
+			return NEED_MORE;
+		}
+		DBG3(DBG_IKE, "got triplet for RAND %b\n  Kc %b\n  SRES %b",
+			 rands.ptr, RAND_LEN, sres.ptr, SRES_LEN, kc.ptr, KC_LEN);
+		kc = chunk_skip(kc, KC_LEN);
+		sres = chunk_skip(sres, SRES_LEN);
+		rands = chunk_skip(rands, RAND_LEN);
+	}
+
+	derive_keys_full(this, kcs);
+
+	/* verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT"  */
+	if (!in->verify(in, this->signer, this->nonce))
+	{
+		DBG1(DBG_IKE, "AT_MAC verification failed");
+		*out = create_client_error(this, in->get_identifier(in),
+								   client_error_general);
+		return NEED_MORE;
+	}
+
+	/* build response with AT_MAC, built over "EAP packet | n*SRES" */
+	message = simaka_message_create(FALSE, in->get_identifier(in),
+									EAP_SIM, SIM_CHALLENGE);
+	*out = message->generate(message, NULL, NULL, this->signer, sreses);
+	message->destroy(message);
+	return NEED_MORE;
+}
+
+/**
+ * process an EAP-SIM/Request/Notification message
+ */
+static status_t process_notification(private_eap_sim_peer_t *this,
+									 simaka_message_t *in, eap_payload_t **out)
+{
+	simaka_message_t *message;
+	enumerator_t *enumerator;
+	simaka_attribute_t type;
+	chunk_t data;
+	bool success = TRUE;
+
+	enumerator = in->create_attribute_enumerator(in);
+	while (enumerator->enumerate(enumerator, &type, &data))
+	{
+		if (type == AT_NOTIFICATION)
+		{
+			/* test success bit */
+			if (!(data.ptr[0] & 0x80))
+			{
+				success = FALSE;
+				DBG1(DBG_IKE, "received EAP-SIM notification error %#B", &data);
+			}
+			else
+			{
+				DBG1(DBG_IKE, "received EAP-SIM notification code %#B", &data);
+			}
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (success)
+	{	/* empty notification reply */
+		message = simaka_message_create(FALSE, in->get_identifier(in),
+										EAP_SIM, SIM_NOTIFICATION);
+		*out = message->generate(message, NULL, NULL, NULL, chunk_empty);
+		message->destroy(message);
+	}
+	else
+	{
+		*out = create_client_error(this, in->get_identifier(in),
+								   client_error_general);
+	}
+	return NEED_MORE;
+}
+
+/**
+ * Implementation of eap_method_t.process
+ */
+static status_t process(private_eap_sim_peer_t *this,
+						eap_payload_t *in, eap_payload_t **out)
+{
+	simaka_message_t *message;
+	status_t status;
+
+	message = simaka_message_create_from_payload(in);
+	if (!message)
+	{
+		*out = create_client_error(this, in->get_identifier(in),
+								   client_error_general);
+		return NEED_MORE;
+	}
+	if (!message->parse(message, this->crypter))
+	{
+		message->destroy(message);
+		*out = create_client_error(this, in->get_identifier(in),
+								   client_error_general);
+		return NEED_MORE;
+	}
+	switch (message->get_subtype(message))
+	{
+		case SIM_START:
+			status = process_start(this, message, out);
+			break;
+		case SIM_CHALLENGE:
+			status = process_challenge(this, message, out);
+			break;
+		case SIM_NOTIFICATION:
+			status = process_notification(this, message, out);
+			break;
+		default:
+			*out = create_client_error(this, in->get_identifier(in),
+									   client_error_general);
+			status = NEED_MORE;
+			break;
+	}
+	message->destroy(message);
+	return status;
+}
+
+/**
+ * Implementation of eap_method_t.initiate
+ */
+static status_t initiate(private_eap_sim_peer_t *this, eap_payload_t **out)
+{
+	/* peer never initiates */
+	return FAILED;
+}
+
+/**
+ * Implementation of eap_method_t.get_type.
+ */
+static eap_type_t get_type(private_eap_sim_peer_t *this, u_int32_t *vendor)
+{
+	*vendor = 0;
+	return EAP_SIM;
+}
+
+/**
+ * Implementation of eap_method_t.get_msk.
+ */
+static status_t get_msk(private_eap_sim_peer_t *this, chunk_t *msk)
+{
+	if (this->msk.ptr)
+	{
+		*msk = this->msk;
+		return SUCCESS;
+	}
+	return FAILED;
+}
+
+/**
+ * Implementation of eap_method_t.is_mutual.
+ */
+static bool is_mutual(private_eap_sim_peer_t *this)
+{
+	return TRUE;
+}
+
+/**
+ * Implementation of eap_method_t.destroy.
+ */
+static void destroy(private_eap_sim_peer_t *this)
+{
+	this->peer->destroy(this->peer);
+	DESTROY_IF(this->rng);
+	DESTROY_IF(this->hasher);
+	DESTROY_IF(this->prf);
+	DESTROY_IF(this->signer);
+	DESTROY_IF(this->crypter);
+	free(this->version_list.ptr);
+	free(this->nonce.ptr);
+	free(this->msk.ptr);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+eap_sim_peer_t *eap_sim_peer_create(identification_t *server,
+									identification_t *peer)
+{
+	private_eap_sim_peer_t *this = malloc_thing(private_eap_sim_peer_t);
+
+	this->peer = peer->clone(peer);
+	this->tries = MAX_TRIES;
+	this->version_list = chunk_empty;
+	this->nonce = chunk_empty;
+	this->msk = chunk_empty;
+
+	this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate;
+	this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process;
+	this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type;
+	this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual;
+	this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk;
+	this->public.interface.destroy = (void(*)(eap_method_t*))destroy;
+
+	this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+	this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+	this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160);
+	this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128);
+	this->crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16);
+	if (!this->rng || !this->hasher || !this->prf ||
+		!this->signer || !this->crypter)
+	{
+		DBG1(DBG_IKE, "unable to use EAP-SIM, missing algorithms");
+		destroy(this);
+		return NULL;
+	}
+	return &this->public;
+}
+

src/charon/plugins/eap_sim/eap_sim_peer.h

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_sim_peer eap_sim_peer
+ * @{ @ingroup eap_sim
+ */
+
+#ifndef EAP_SIM_PEER_H_
+#define EAP_SIM_PEER_H_
+
+#include <sa/authenticators/eap/eap_method.h>
+
+typedef struct eap_sim_peer_t eap_sim_peer_t;
+
+/**
+ * EAP-SIM peer implementation.
+ *
+ * This EAP-SIM module uses sim_card_t implementations for triplet calculation,
+ * found via the eap_sim_manager_t.
+ */
+struct eap_sim_peer_t {
+
+	/**
+	 * Implemented eap_method_t interface.
+	 */
+	eap_method_t interface;
+
+	/**
+	 * Destroy a eap_sim_peer_t.
+	 */
+	void (*destroy)(eap_sim_peer_t *this);
+};
+
+/**
+ * Creates the EAP method EAP-SIM acting as peer.
+ *
+ * @param server	ID of the EAP server
+ * @param peer		ID of the EAP peer
+ * @return			eap_sim_t object
+ */
+eap_sim_peer_t *eap_sim_peer_create(identification_t *server,
+									identification_t *peer);
+
+#endif /* EAP_SIM_PEER_H_ @}*/

src/charon/plugins/eap_sim/eap_sim_plugin.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2008-2009 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -15,7 +15,8 @@
 
 #include "eap_sim_plugin.h"
 
-#include "eap_sim.h"
+#include "eap_sim_server.h"
+#include "eap_sim_peer.h"
 
 #include <daemon.h>
 
@@ -25,9 +26,9 @@
 static void destroy(eap_sim_plugin_t *this)
 {
 	charon->eap->remove_method(charon->eap,
-							   (eap_constructor_t)eap_sim_create_server);
+							   (eap_constructor_t)eap_sim_server_create);
 	charon->eap->remove_method(charon->eap,
-							   (eap_constructor_t)eap_sim_create_peer);
+							   (eap_constructor_t)eap_sim_peer_create);
 	free(this);
 }
 
@@ -41,9 +42,9 @@ plugin_t *plugin_create()
 	this->plugin.destroy = (void(*)(plugin_t*))destroy;
 
 	charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER,
-							(eap_constructor_t)eap_sim_create_server);
+							(eap_constructor_t)eap_sim_server_create);
 	charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_PEER,
-							(eap_constructor_t)eap_sim_create_peer);
+							(eap_constructor_t)eap_sim_peer_create);
 
 	return &this->plugin;
 }

src/charon/plugins/eap_sim/eap_sim_server.c

@@ -0,0 +1,432 @@
+/*
+ * Copyright (C) 2007-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_sim_server.h"
+
+#include <daemon.h>
+
+#include <simaka_message.h>
+
+/* number of triplets for one authentication */
+#define TRIPLET_COUNT 3
+
+/** length of the AT_NONCE_MT/AT_NONCE_S nonce value */
+#define NONCE_LEN 16
+/** length of the AT_MAC value */
+#define MAC_LEN 16
+/** length of the AT_RAND value */
+#define RAND_LEN 16
+/** length of Kc */
+#define KC_LEN 8
+/** length of SRES */
+#define SRES_LEN 4
+/** length of the k_encr key */
+#define KENCR_LEN 16
+/** length of the k_auth key */
+#define KAUTH_LEN 16
+/** length of the MSK */
+#define MSK_LEN 64
+/** length of the EMSK */
+#define EMSK_LEN 64
+
+typedef struct private_eap_sim_server_t private_eap_sim_server_t;
+
+/**
+ * Private data of an eap_sim_server_t object.
+ */
+struct private_eap_sim_server_t {
+
+	/**
+	 * Public authenticator_t interface.
+	 */
+	eap_sim_server_t public;
+
+	/**
+	 * permanent ID of peer
+	 */
+	identification_t *peer;
+
+	/**
+	 * Random number generator for nonce, IVs
+	 */
+	rng_t *rng;
+
+	/**
+	 * hashing function
+	 */
+	hasher_t *hasher;
+
+	/**
+	 * prf
+	 */
+	prf_t *prf;
+
+	/**
+	 * MAC function
+	 */
+	signer_t *signer;
+
+	/**
+	 * encryption function
+	 */
+	crypter_t *crypter;
+
+	/**
+	 * unique EAP identifier
+	 */
+	u_int8_t identifier;
+
+	/**
+	 * concatenated SRES values
+	 */
+	chunk_t sreses;
+
+	/**
+	 * MSK, used for EAP-SIM based IKEv2 authentication
+	 */
+	chunk_t msk;
+};
+
+/**
+ * Fetch a triplet from a provider
+ */
+static bool get_provider_triplet(private_eap_sim_server_t *this,
+								 char *rand, char *sres, char *kc)
+{
+	enumerator_t *enumerator;
+	sim_provider_t *provider;
+	int tried = 0;
+
+	enumerator = charon->sim->create_provider_enumerator(charon->sim);
+	while (enumerator->enumerate(enumerator, &provider))
+	{
+		if (provider->get_triplet(provider, this->peer, rand, sres, kc))
+		{
+			enumerator->destroy(enumerator);
+			return TRUE;
+		}
+		tried++;
+	}
+	enumerator->destroy(enumerator);
+	DBG1(DBG_IKE, "tried %d SIM providers, but none had a triplet for '%Y'",
+		 tried, this->peer);
+	return FALSE;
+}
+
+/**
+ * Derive EAP keys from kc when using full authentication
+ */
+static void derive_keys_full(private_eap_sim_server_t *this,
+							 chunk_t kcs, chunk_t nonce)
+{
+	char mk[HASH_SIZE_SHA1], k_encr[KENCR_LEN], k_auth[KAUTH_LEN];
+	chunk_t tmp;
+	int i;
+
+	/* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */
+	tmp = chunk_cata("ccccc", this->peer->get_encoding(this->peer),
+					 kcs, nonce, version, version);
+	this->hasher->get_hash(this->hasher, tmp, mk);
+	DBG3(DBG_IKE, "MK = SHA1(%B\n) = %b", &tmp, mk, HASH_SIZE_SHA1);
+
+	/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf()
+	 * We currently don't need EMSK, so three prf() are sufficient */
+	this->prf->set_key(this->prf, chunk_create(mk, HASH_SIZE_SHA1));
+	tmp = chunk_alloca(this->prf->get_block_size(this->prf) * 3);
+	for (i = 0; i < 3; i++)
+	{
+		this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr + tmp.len / 3 * i);
+	}
+	memcpy(k_encr, tmp.ptr, KENCR_LEN);
+	tmp = chunk_skip(tmp, KENCR_LEN);
+	memcpy(k_auth, tmp.ptr, KAUTH_LEN);
+	tmp = chunk_skip(tmp, KAUTH_LEN);
+	free(this->msk.ptr);
+	this->msk = chunk_alloc(MSK_LEN);
+	memcpy(this->msk.ptr, tmp.ptr, MSK_LEN);
+	DBG3(DBG_IKE, "K_encr %b\nK_auth %b\nMSK %B",
+		 k_encr, KENCR_LEN, k_auth, KAUTH_LEN, &this->msk);
+
+	this->signer->set_key(this->signer, chunk_create(k_auth, KAUTH_LEN));
+	this->crypter->set_key(this->crypter, chunk_create(k_encr, KENCR_LEN));
+}
+
+/**
+ * process an EAP-SIM/Response/Start message
+ */
+static status_t process_start(private_eap_sim_server_t *this,
+							  simaka_message_t *in, eap_payload_t **out)
+{
+	simaka_message_t *message;
+	enumerator_t *enumerator;
+	simaka_attribute_t type;
+	chunk_t data, rands, rand, kcs, kc, sreses, sres, nonce = chunk_empty;
+	bool supported = FALSE;
+	int i;
+
+	enumerator = in->create_attribute_enumerator(in);
+	while (enumerator->enumerate(enumerator, &type, &data))
+	{
+		switch (type)
+		{
+			case AT_NONCE_MT:
+				nonce = data;
+				break;
+			case AT_SELECTED_VERSION:
+				if (chunk_equals(data, version))
+				{
+					supported = TRUE;
+				}
+				break;
+			default:
+				DBG1(DBG_IKE, "ignoring EAP-SIM attribute %N",
+					 simaka_attribute_names, type);
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (!supported || !nonce.len)
+	{
+		DBG1(DBG_IKE, "received incomplete EAP-SIM/Response/Start");
+		return FAILED;
+	}
+
+	/* read triplets from provider */
+	rand = rands = chunk_alloca(RAND_LEN * TRIPLET_COUNT);
+	kc = kcs = chunk_alloca(KC_LEN * TRIPLET_COUNT);
+	sres = sreses = chunk_alloca(SRES_LEN * TRIPLET_COUNT);
+	rands.len = kcs.len = sreses.len = 0;
+	for (i = 0; i < TRIPLET_COUNT; i++)
+	{
+		if (!get_provider_triplet(this, rand.ptr, sres.ptr, kc.ptr))
+		{
+			DBG1(DBG_IKE, "getting EAP-SIM triplet %d failed", i);
+			return FAILED;
+		}
+		rands.len += RAND_LEN;
+		sreses.len += SRES_LEN;
+		kcs.len += KC_LEN;
+		rand = chunk_skip(rand, RAND_LEN);
+		sres = chunk_skip(sres, SRES_LEN);
+		kc = chunk_skip(kc, KC_LEN);
+	}
+	free(this->sreses.ptr);
+	this->sreses = chunk_clone(sreses);
+
+	derive_keys_full(this, kcs, nonce);
+
+	/* build response with AT_MAC, built over "EAP packet | NONCE_MT" */
+	message = simaka_message_create(TRUE, this->identifier++,
+									EAP_SIM, SIM_CHALLENGE);
+	message->add_attribute(message, AT_RAND, rands);
+	*out = message->generate(message, NULL, NULL, this->signer, nonce);
+	message->destroy(message);
+	return NEED_MORE;
+}
+
+/**
+ * process an EAP-SIM/Response/Challenge message
+ */
+static status_t process_challenge(private_eap_sim_server_t *this,
+								  simaka_message_t *in, eap_payload_t **out)
+{
+	enumerator_t *enumerator;
+	simaka_attribute_t type;
+	chunk_t data;
+
+	enumerator = in->create_attribute_enumerator(in);
+	while (enumerator->enumerate(enumerator, &type, &data))
+	{
+		DBG1(DBG_IKE, "ignoring EAP-SIM attribute %N",
+			 simaka_attribute_names, type);
+	}
+	enumerator->destroy(enumerator);
+
+	/* verify AT_MAC attribute, signature is over "EAP packet | n*SRES"  */
+	if (!in->verify(in, this->signer, this->sreses))
+	{
+		DBG1(DBG_IKE, "AT_MAC verification failed");
+		return FAILED;
+	}
+	return SUCCESS;
+}
+
+/**
+ * EAP-SIM/Response/ClientErrorCode message
+ */
+static status_t process_client_error(private_eap_sim_server_t *this,
+									 simaka_message_t *in, eap_payload_t **out)
+{
+	enumerator_t *enumerator;
+	simaka_attribute_t type;
+	chunk_t data;
+
+	enumerator = in->create_attribute_enumerator(in);
+	while (enumerator->enumerate(enumerator, &type, &data))
+	{
+		if (type == AT_CLIENT_ERROR_CODE)
+		{
+			DBG1(DBG_IKE, "received EAP-SIM client error code %#B", &data);
+		}
+		else
+		{
+			DBG1(DBG_IKE, "ignoring EAP-SIM attribute %N",
+				 simaka_attribute_names, type);
+		}
+	}
+	enumerator->destroy(enumerator);
+	return FAILED;
+}
+
+/**
+ * Implementation of eap_method_t.process
+ */
+static status_t process(private_eap_sim_server_t *this,
+						eap_payload_t *in, eap_payload_t **out)
+{
+	simaka_message_t *message;
+	status_t status;
+
+	message = simaka_message_create_from_payload(in);
+	if (!message)
+	{
+		return FAILED;
+	}
+	if (!message->parse(message, this->crypter))
+	{
+		message->destroy(message);
+		return FAILED;
+	}
+	switch (message->get_subtype(message))
+	{
+		case SIM_START:
+			status = process_start(this, message, out);
+			break;
+		case SIM_CHALLENGE:
+			status = process_challenge(this, message, out);
+			break;
+		case SIM_CLIENT_ERROR:
+			status = process_client_error(this, message, out);
+			break;
+		default:
+			DBG1(DBG_IKE, "unable to process EAP-SIM subtype %N",
+				 simaka_subtype_names, message->get_subtype(message));
+			status = FAILED;
+			break;
+	}
+	message->destroy(message);
+	return status;
+}
+
+/**
+ * Implementation of eap_method_t.initiate
+ */
+static status_t initiate(private_eap_sim_server_t *this, eap_payload_t **out)
+{
+	simaka_message_t *message;
+
+	message = simaka_message_create(TRUE, this->identifier++,
+									EAP_SIM, SIM_START);
+	message->add_attribute(message, AT_VERSION_LIST, version);
+	*out = message->generate(message, NULL, NULL, NULL, chunk_empty);
+	message->destroy(message);
+	return NEED_MORE;
+}
+
+/**
+ * Implementation of eap_method_t.get_type.
+ */
+static eap_type_t get_type(private_eap_sim_server_t *this, u_int32_t *vendor)
+{
+	*vendor = 0;
+	return EAP_SIM;
+}
+
+/**
+ * Implementation of eap_method_t.get_msk.
+ */
+static status_t get_msk(private_eap_sim_server_t *this, chunk_t *msk)
+{
+	if (this->msk.ptr)
+	{
+		*msk = this->msk;
+		return SUCCESS;
+	}
+	return FAILED;
+}
+
+/**
+ * Implementation of eap_method_t.is_mutual.
+ */
+static bool is_mutual(private_eap_sim_server_t *this)
+{
+	return TRUE;
+}
+
+/**
+ * Implementation of eap_method_t.destroy.
+ */
+static void destroy(private_eap_sim_server_t *this)
+{
+	this->peer->destroy(this->peer);
+	DESTROY_IF(this->rng);
+	DESTROY_IF(this->hasher);
+	DESTROY_IF(this->prf);
+	DESTROY_IF(this->signer);
+	DESTROY_IF(this->crypter);
+	free(this->sreses.ptr);
+	free(this->msk.ptr);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+eap_sim_server_t *eap_sim_server_create(identification_t *server,
+										identification_t *peer)
+{
+	private_eap_sim_server_t *this = malloc_thing(private_eap_sim_server_t);
+
+	this->peer = peer->clone(peer);
+	this->sreses = chunk_empty;
+	this->msk = chunk_empty;
+	/* generate a non-zero identifier */
+	do {
+		this->identifier = random();
+	} while (!this->identifier);
+
+	this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate;
+	this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process;
+	this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type;
+	this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual;
+	this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk;
+	this->public.interface.destroy = (void(*)(eap_method_t*))destroy;
+
+	this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+	this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+	this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160);
+	this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128);
+	this->crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16);
+	if (!this->rng || !this->hasher || !this->prf ||
+		!this->signer || !this->crypter)
+	{
+		DBG1(DBG_IKE, "unable to use EAP-SIM, missing algorithms");
+		destroy(this);
+		return NULL;
+	}
+	return &this->public;
+}
+

src/charon/plugins/eap_sim/eap_sim_server.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2008 Martin Willi
+ * Copyright (C) 2009 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -14,48 +14,44 @@
  */
 
 /**
- * @defgroup eap_sim_i eap_sim
+ * @defgroup eap_sim_server eap_sim_server
  * @{ @ingroup eap_sim
  */
 
-#ifndef EAP_SIM_H_
-#define EAP_SIM_H_
-
-typedef struct eap_sim_t eap_sim_t;
+#ifndef EAP_SIM_SERVER_H_
+#define EAP_SIM_SERVER_H_
 
 #include <sa/authenticators/eap/eap_method.h>
 
+typedef struct eap_sim_server_t eap_sim_server_t;
+
 /**
- * Implementation of the eap_method_t interface using EAP-SIM.
+ * EAP-SIM server implementation.
  *
- * This EAP-SIM client implementation handles the protocol level of EAP-SIM
- * only, it does not provide triplet calculation/fetching. Other plugins may
- * provide these services using the sim_manager_t of charon.
+ * This EAP-SIM module uses sim_provider_t implementations for triplet
+ * calculation, found via the eap_sim_manager_t.
  */
-struct eap_sim_t {
+struct eap_sim_server_t {
 
 	/**
 	 * Implemented eap_method_t interface.
 	 */
-	eap_method_t eap_method_interface;
+	eap_method_t interface;
+
+	/**
+	 * Destroy a eap_sim_server_t.
+	 */
+	void (*destroy)(eap_sim_server_t *this);
 };
 
 /**
  * Creates the EAP method EAP-SIM acting as server.
  *
  * @param server	ID of the EAP server
- * @param peer		ID of the EAP client
+ * @param peer		ID of the EAP peer
  * @return			eap_sim_t object
  */
-eap_sim_t *eap_sim_create_server(identification_t *server, identification_t *peer);
+eap_sim_server_t *eap_sim_server_create(identification_t *server,
+										identification_t *peer);
 
-/**
- * Creates the EAP method EAP-SIM acting as peer.
- *
- * @param server	ID of the EAP server
- * @param peer		ID of the EAP client
- * @return			eap_sim_t object
- */
-eap_sim_t *eap_sim_create_peer(identification_t *server, identification_t *peer);
-
-#endif /** EAP_SIM_H_ @}*/
+#endif /* EAP_SIM_SERVER_H_ @}*/