Handle PRF failures in eap-aka-3gpp2

2012-07-10 15:11:25 +02:00 · 2012-07-10 15:11:25 +02:00 · ff9e46772f
parent a564e4ca77
commit ff9e46772f
4 changed files with 124 additions and 57 deletions
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
@ -74,13 +74,19 @@ METHOD(simaka_card_t, get_quintuplet, status_t,
 	mac = autn + AKA_SQN_LEN + AKA_AMF_LEN;

 	/* XOR anonymity key AK into SQN to decrypt it */
-	this->f->f5(this->f, k, rand, ak);
+	if (!this->f->f5(this->f, k, rand, ak))
+	{
+		return FAILED;
+	}
 	DBG3(DBG_IKE, "using ak %b", ak, AKA_AK_LEN);
 	memxor(sqn, ak, AKA_SQN_LEN);
 	DBG3(DBG_IKE, "using sqn %b", sqn, AKA_SQN_LEN);

 	/* calculate expected MAC and compare against received one */
-	this->f->f1(this->f, k, rand, sqn, amf, xmac);
+	if (!this->f->f1(this->f, k, rand, sqn, amf, xmac))
+	{
+		return FAILED;
+	}
 	if (!memeq(mac, xmac, AKA_MAC_LEN))
 	{
 		DBG1(DBG_IKE, "received MAC does not match XMAC");
@ -98,11 +104,13 @@ METHOD(simaka_card_t, get_quintuplet, status_t,
 	/* update stored SQN to the received one */
 	memcpy(this->sqn, sqn, AKA_SQN_LEN);

-	/* CK/IK */
-	this->f->f3(this->f, k, rand, ck);
-	this->f->f4(this->f, k, rand, ik);
-	/* calculate RES */
-	this->f->f2(this->f, k, rand, res);
+	/* CK/IK, calculate RES */
+	if (!this->f->f3(this->f, k, rand, ck) ||
+		!this->f->f4(this->f, k, rand, ik) ||
+		!this->f->f2(this->f, k, rand, res))
+	{
+		return FAILED;
+	}
 	*res_len = AKA_RES_MAX;

 	return SUCCESS;
@ -122,8 +130,11 @@ METHOD(simaka_card_t, resync, bool,

 	/* AMF is set to zero in resync */
 	memset(amf, 0, AKA_AMF_LEN);
-	this->f->f5star(this->f, k, rand, aks);
-	this->f->f1star(this->f, k, rand, this->sqn, amf, macs);
+	if (!this->f->f5star(this->f, k, rand, aks) ||
+		!this->f->f1star(this->f, k, rand, this->sqn, amf, macs))
+	{
+		return FALSE;
+	}
 	/* AUTS = SQN xor AKS | MACS */
 	memcpy(auts, this->sqn, AKA_SQN_LEN);
 	memxor(auts, aks, AKA_AK_LEN);
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
@ -170,12 +170,12 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b)
 * Step 3 of the various fx() functions:
 * XOR the key into the SHA1 IV
 */
-static void step3(prf_t *prf, u_char k[AKA_K_LEN],
+static bool step3(prf_t *prf, u_char k[AKA_K_LEN],
 				  u_char payload[AKA_PAYLOAD_LEN], u_int8_t h[HASH_SIZE_SHA1])
 {
 	/* use the keyed hasher to build the hash */
-	prf->set_key(prf, chunk_create(k, AKA_K_LEN));
-	prf->get_bytes(prf, chunk_create(payload, AKA_PAYLOAD_LEN), h);
+	return prf->set_key(prf, chunk_create(k, AKA_K_LEN)) &&
+		   prf->get_bytes(prf, chunk_create(payload, AKA_PAYLOAD_LEN), h);
 }

 /**
@ -211,7 +211,7 @@ static void step4(u_char x[HASH_SIZE_SHA1])
 /**
 * Calculation function for f2(), f3(), f4()
 */
-static void fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
+static bool fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
 			   u_char rand[AKA_RAND_LEN], u_char out[AKA_MAC_LEN])
 {
 	u_char payload[AKA_PAYLOAD_LEN];
@ -230,16 +230,20 @@ static void fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
 		payload[35] ^= i;
 		payload[51] ^= i;

-		step3(prf, k, payload, h);
+		if (!step3(prf, k, payload, h))
+		{
+			return FALSE;
+		}
 		step4(h);
 		memcpy(out + i * 8, h, 8);
 	}
+	return TRUE;
 }

 /**
 * Calculation function of f1() and f1star()
 */
-static void f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN],
+static bool f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN],
 				u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN])
 {
@ -257,15 +261,19 @@ static void f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN],
 	memxor(payload + 34, sqn, AKA_SQN_LEN);
 	memxor(payload + 42, amf, AKA_AMF_LEN);

-	step3(prf, k, payload, h);
+	if (!step3(prf, k, payload, h))
+	{
+		return FALSE;
+	}
 	step4(h);
 	memcpy(mac, h, AKA_MAC_LEN);
+	return TRUE;
 }

 /**
 * Calculation function of f5() and f5star()
 */
-static void f5x(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
+static bool f5x(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN])
 {
 	u_char payload[AKA_PAYLOAD_LEN];
@ -276,88 +284,120 @@ static void f5x(prf_t *prf, u_char f, u_char k[AKA_K_LEN],
 	memxor(payload + 12, fmk.ptr, fmk.len);
 	memxor(payload + 16, rand, AKA_RAND_LEN);

-	step3(prf, k, payload, h);
+	if (!step3(prf, k, payload, h))
+	{
+		return FALSE;
+	}
 	step4(h);
 	memcpy(ak, h, AKA_AK_LEN);
+	return TRUE;
 }

 /**
 * Calculate MAC from RAND, SQN, AMF using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f1, void,
+METHOD(eap_aka_3gpp2_functions_t, f1, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN],
 	u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN])
 {
-	f1x(this->prf, F1, k, rand, sqn, amf, mac);
-	DBG3(DBG_IKE, "MAC %b", mac, AKA_MAC_LEN);
+	if (f1x(this->prf, F1, k, rand, sqn, amf, mac))
+	{
+		DBG3(DBG_IKE, "MAC %b", mac, AKA_MAC_LEN);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
 * Calculate MACS from RAND, SQN, AMF using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f1star, void,
+METHOD(eap_aka_3gpp2_functions_t, f1star, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN],
 	u_char amf[AKA_AMF_LEN], u_char macs[AKA_MAC_LEN])
 {
-	f1x(this->prf, F1STAR, k, rand, sqn, amf, macs);
-	DBG3(DBG_IKE, "MACS %b", macs, AKA_MAC_LEN);
+	if (f1x(this->prf, F1STAR, k, rand, sqn, amf, macs))
+	{
+		DBG3(DBG_IKE, "MACS %b", macs, AKA_MAC_LEN);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
 * Calculate RES from RAND using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f2, void,
+METHOD(eap_aka_3gpp2_functions_t, f2, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char res[AKA_RES_MAX])
 {
-	fx(this->prf, F2, k, rand, res);
-	DBG3(DBG_IKE, "RES %b", res, AKA_RES_MAX);
+	if (fx(this->prf, F2, k, rand, res))
+	{
+		DBG3(DBG_IKE, "RES %b", res, AKA_RES_MAX);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
 * Calculate CK from RAND using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f3, void,
+METHOD(eap_aka_3gpp2_functions_t, f3, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char ck[AKA_CK_LEN])
 {
-	fx(this->prf, F3, k, rand, ck);
-	DBG3(DBG_IKE, "CK %b", ck, AKA_CK_LEN);
+	if (fx(this->prf, F3, k, rand, ck))
+	{
+		DBG3(DBG_IKE, "CK %b", ck, AKA_CK_LEN);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
 * Calculate IK from RAND using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f4, void,
+METHOD(eap_aka_3gpp2_functions_t, f4, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char ik[AKA_IK_LEN])
 {
-	fx(this->prf, F4, k, rand, ik);
-	DBG3(DBG_IKE, "IK %b", ik, AKA_IK_LEN);
+	if (fx(this->prf, F4, k, rand, ik))
+	{
+		DBG3(DBG_IKE, "IK %b", ik, AKA_IK_LEN);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
 * Calculate AK from a RAND using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f5, void,
+METHOD(eap_aka_3gpp2_functions_t, f5, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN])
 {
-	f5x(this->prf, F5, k, rand, ak);
-	DBG3(DBG_IKE, "AK %b", ak, AKA_AK_LEN);
+	if (f5x(this->prf, F5, k, rand, ak))
+	{
+		DBG3(DBG_IKE, "AK %b", ak, AKA_AK_LEN);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
 * Calculate AKS from a RAND using K
 */
-METHOD(eap_aka_3gpp2_functions_t, f5star, void,
+METHOD(eap_aka_3gpp2_functions_t, f5star, bool,
 	private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 	u_char rand[AKA_RAND_LEN], u_char aks[AKA_AK_LEN])
 {
-	f5x(this->prf, F5STAR, k, rand, aks);
-	DBG3(DBG_IKE, "AKS %b", aks, AKA_AK_LEN);
+	if (f5x(this->prf, F5STAR, k, rand, aks))
+	{
+		DBG3(DBG_IKE, "AKS %b", aks, AKA_AK_LEN);
+		return TRUE;
+	}
+	return FALSE;
 }

 METHOD(eap_aka_3gpp2_functions_t, destroy, void,
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
@ -45,8 +45,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param sqn	sequence number
 	 * @param amf	authentication management field
 	 * @param mac	buffer receiving mac MAC
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f1)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f1)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN],
 				u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]);

@ -58,8 +59,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param sqn	sequence number
 	 * @param amf	authentication management field
 	 * @param macs	buffer receiving resynchronization mac MACS
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f1star)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f1star)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN],
 				u_char amf[AKA_AMF_LEN], u_char macs[AKA_MAC_LEN]);

@ -69,8 +71,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param k		secret key K
 	 * @param rand	random value RAND
 	 * @param res	buffer receiving result RES, uses full 128 bit
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f2)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f2)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char res[AKA_RES_MAX]);
 	/**
 	 * Calculate CK from RAND using K
@ -78,8 +81,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param k		secret key K
 	 * @param rand	random value RAND
 	 * @param macs	buffer receiving encryption key CK
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f3)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f3)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char ck[AKA_CK_LEN]);
 	/**
 	 * Calculate IK from RAND using K
@ -87,8 +91,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param k		secret key K
 	 * @param rand	random value RAND
 	 * @param macs	buffer receiving integrity key IK
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f4)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f4)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char ik[AKA_IK_LEN]);
 	/**
 	 * Calculate AK from a RAND using K
@ -96,8 +101,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param k		secret key K
 	 * @param rand	random value RAND
 	 * @param macs	buffer receiving anonymity key AK
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f5)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f5)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN]);
 	/**
 	 * Calculate AKS from a RAND using K
@ -105,8 +111,9 @@ struct eap_aka_3gpp2_functions_t {
 	 * @param k		secret key K
 	 * @param rand	random value RAND
 	 * @param macs	buffer receiving resynchronization anonymity key AKS
+	 * @return		TRUE if calculations successful
 	 */
-	void (*f5star)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
+	bool (*f5star)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN],
 				u_char rand[AKA_RAND_LEN], u_char aks[AKA_AK_LEN]);

 	/**
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
@ -107,12 +107,13 @@ METHOD(simaka_provider_t, get_quintuplet, bool,
 	DBG3(DBG_IKE, "generated rand %b", rand, AKA_RAND_LEN);
 	DBG3(DBG_IKE, "using K %b", k, AKA_K_LEN);

-	/* MAC */
-	this->f->f1(this->f, k, rand, this->sqn, amf, mac);
-	/* AK */
-	this->f->f5(this->f, k, rand, ak);
-	/* XRES as expected from client */
-	this->f->f2(this->f, k, rand, xres);
+	/* MAC, AK, XRES as expected from client */
+	if (!this->f->f1(this->f, k, rand, this->sqn, amf, mac) ||
+		!this->f->f5(this->f, k, rand, ak) ||
+		!this->f->f2(this->f, k, rand, xres))
+	{
+		return FALSE;
+	}
 	*xres_len = AKA_RES_MAX;
 	/* AUTN = (SQN xor AK) || AMF || MAC */
 	memcpy(autn, this->sqn, AKA_SQN_LEN);
@ -121,9 +122,11 @@ METHOD(simaka_provider_t, get_quintuplet, bool,
 	memcpy(autn + AKA_SQN_LEN + AKA_AMF_LEN, mac, AKA_MAC_LEN);
 	DBG3(DBG_IKE, "AUTN %b", autn, AKA_AUTN_LEN);
 	/* CK/IK */
-	this->f->f3(this->f, k, rand, ck);
-	this->f->f4(this->f, k, rand, ik);
-
+	if (!this->f->f3(this->f, k, rand, ck) ||
+		!this->f->f4(this->f, k, rand, ik))
+	{
+		return FALSE;
+	}
 	return TRUE;
 }

@ -143,12 +146,18 @@ METHOD(simaka_provider_t, resync, bool,
 	/* AUTHS = (AK xor SQN) | MAC */
 	sqn = auts;
 	macs = auts + AKA_SQN_LEN;
-	this->f->f5star(this->f, k, rand, aks);
+	if (!this->f->f5star(this->f, k, rand, aks))
+	{
+		return FALSE;
+	}
 	memxor(sqn, aks, AKA_AK_LEN);

 	/* verify XMACS, AMF of zero is used in resynchronization */
 	memset(amf, 0, AKA_AMF_LEN);
-	this->f->f1star(this->f, k, rand, sqn, amf, xmacs);
+	if (!this->f->f1star(this->f, k, rand, sqn, amf, xmacs))
+	{
+		return FALSE;
+	}
 	if (!memeq(macs, xmacs, AKA_MAC_LEN))
 	{
 		DBG1(DBG_IKE, "received MACS does not match XMACS");