Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / c5ec7f57ead87efa365800228aa0b09a12d9e6c4 / . / src / utils / pcsc_funcs.c
blob: a97f9fa22066390121ffa6d67e959a18a527ac36 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * WPA Supplicant / PC/SC smartcard interface for USIM, GSM SIM
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame^]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 *
8 * This file implements wrapper functions for accessing GSM SIM and 3GPP USIM
9 * cards through PC/SC smartcard library. These functions are used to implement
10 * authentication routines for EAP-SIM and EAP-AKA.
11 */
12
13#include "includes.h"
14#include <winscard.h>
15
16#include "common.h"
17#include "pcsc_funcs.h"
18
19
20/* See ETSI GSM 11.11 and ETSI TS 102 221 for details.
21 * SIM commands:
22 * Command APDU: CLA INS P1 P2 P3 Data
23 * CLA (class of instruction): A0 for GSM, 00 for USIM
24 * INS (instruction)
25 * P1 P2 P3 (parameters, P3 = length of Data)
26 * Response APDU: Data SW1 SW2
27 * SW1 SW2 (Status words)
28 * Commands (INS P1 P2 P3):
29 * SELECT: A4 00 00 02 <file_id, 2 bytes>
30 * GET RESPONSE: C0 00 00 <len>
31 * RUN GSM ALG: 88 00 00 00 <RAND len = 10>
32 * RUN UMTS ALG: 88 00 81 <len=0x22> data: 0x10 | RAND | 0x10 | AUTN
33 * P1 = ID of alg in card
34 * P2 = ID of secret key
35 * READ BINARY: B0 <offset high> <offset low> <len>
36 * READ RECORD: B2 <record number> <mode> <len>
37 * P2 (mode) = '02' (next record), '03' (previous record),
38 * '04' (absolute mode)
39 * VERIFY CHV: 20 00 <CHV number> 08
40 * CHANGE CHV: 24 00 <CHV number> 10
41 * DISABLE CHV: 26 00 01 08
42 * ENABLE CHV: 28 00 01 08
43 * UNBLOCK CHV: 2C 00 <00=CHV1, 02=CHV2> 10
44 * SLEEP: FA 00 00 00
45 */
46
47/* GSM SIM commands */
48#define SIM_CMD_SELECT 0xa0, 0xa4, 0x00, 0x00, 0x02
49#define SIM_CMD_RUN_GSM_ALG 0xa0, 0x88, 0x00, 0x00, 0x10
50#define SIM_CMD_GET_RESPONSE 0xa0, 0xc0, 0x00, 0x00
51#define SIM_CMD_READ_BIN 0xa0, 0xb0, 0x00, 0x00
52#define SIM_CMD_READ_RECORD 0xa0, 0xb2, 0x00, 0x00
53#define SIM_CMD_VERIFY_CHV1 0xa0, 0x20, 0x00, 0x01, 0x08
54
55/* USIM commands */
56#define USIM_CLA 0x00
57#define USIM_CMD_RUN_UMTS_ALG 0x00, 0x88, 0x00, 0x81, 0x22
58#define USIM_CMD_GET_RESPONSE 0x00, 0xc0, 0x00, 0x00
59
60#define SIM_RECORD_MODE_ABSOLUTE 0x04
61
62#define USIM_FSP_TEMPL_TAG 0x62
63
64#define USIM_TLV_FILE_DESC 0x82
65#define USIM_TLV_FILE_ID 0x83
66#define USIM_TLV_DF_NAME 0x84
67#define USIM_TLV_PROPR_INFO 0xA5
68#define USIM_TLV_LIFE_CYCLE_STATUS 0x8A
69#define USIM_TLV_FILE_SIZE 0x80
70#define USIM_TLV_TOTAL_FILE_SIZE 0x81
71#define USIM_TLV_PIN_STATUS_TEMPLATE 0xC6
72#define USIM_TLV_SHORT_FILE_ID 0x88
73
74#define USIM_PS_DO_TAG 0x90
75
76#define AKA_RAND_LEN 16
77#define AKA_AUTN_LEN 16
78#define AKA_AUTS_LEN 14
79#define RES_MAX_LEN 16
80#define IK_LEN 16
81#define CK_LEN 16
82
83
84typedef enum { SCARD_GSM_SIM, SCARD_USIM } sim_types;
85
86struct scard_data {
87 SCARDCONTEXT ctx;
88 SCARDHANDLE card;
89 DWORD protocol;
90 sim_types sim_type;
91 int pin1_required;
92};
93
94#ifdef __MINGW32_VERSION
95/* MinGW does not yet support WinScard, so load the needed functions
96 * dynamically from winscard.dll for now. */
97
98static HINSTANCE dll = NULL; /* winscard.dll */
99
100static const SCARD_IO_REQUEST *dll_g_rgSCardT0Pci, *dll_g_rgSCardT1Pci;
101#undef SCARD_PCI_T0
102#define SCARD_PCI_T0 (dll_g_rgSCardT0Pci)
103#undef SCARD_PCI_T1
104#define SCARD_PCI_T1 (dll_g_rgSCardT1Pci)
105
106
107static WINSCARDAPI LONG WINAPI
108(*dll_SCardEstablishContext)(IN DWORD dwScope,
109 IN LPCVOID pvReserved1,
110 IN LPCVOID pvReserved2,
111 OUT LPSCARDCONTEXT phContext);
112#define SCardEstablishContext dll_SCardEstablishContext
113
114static long (*dll_SCardReleaseContext)(long hContext);
115#define SCardReleaseContext dll_SCardReleaseContext
116
117static WINSCARDAPI LONG WINAPI
118(*dll_SCardListReadersA)(IN SCARDCONTEXT hContext,
119 IN LPCSTR mszGroups,
120 OUT LPSTR mszReaders,
121 IN OUT LPDWORD pcchReaders);
122#undef SCardListReaders
123#define SCardListReaders dll_SCardListReadersA
124
125static WINSCARDAPI LONG WINAPI
126(*dll_SCardConnectA)(IN SCARDCONTEXT hContext,
127 IN LPCSTR szReader,
128 IN DWORD dwShareMode,
129 IN DWORD dwPreferredProtocols,
130 OUT LPSCARDHANDLE phCard,
131 OUT LPDWORD pdwActiveProtocol);
132#undef SCardConnect
133#define SCardConnect dll_SCardConnectA
134
135static WINSCARDAPI LONG WINAPI
136(*dll_SCardDisconnect)(IN SCARDHANDLE hCard,
137 IN DWORD dwDisposition);
138#define SCardDisconnect dll_SCardDisconnect
139
140static WINSCARDAPI LONG WINAPI
141(*dll_SCardTransmit)(IN SCARDHANDLE hCard,
142 IN LPCSCARD_IO_REQUEST pioSendPci,
143 IN LPCBYTE pbSendBuffer,
144 IN DWORD cbSendLength,
145 IN OUT LPSCARD_IO_REQUEST pioRecvPci,
146 OUT LPBYTE pbRecvBuffer,
147 IN OUT LPDWORD pcbRecvLength);
148#define SCardTransmit dll_SCardTransmit
149
150static WINSCARDAPI LONG WINAPI
151(*dll_SCardBeginTransaction)(IN SCARDHANDLE hCard);
152#define SCardBeginTransaction dll_SCardBeginTransaction
153
154static WINSCARDAPI LONG WINAPI
155(*dll_SCardEndTransaction)(IN SCARDHANDLE hCard, IN DWORD dwDisposition);
156#define SCardEndTransaction dll_SCardEndTransaction
157
158
159static int mingw_load_symbols(void)
160{
161 char *sym;
162
163 if (dll)
164 return 0;
165
166 dll = LoadLibrary("winscard");
167 if (dll == NULL) {
168 wpa_printf(MSG_DEBUG, "WinSCard: Could not load winscard.dll "
169 "library");
170 return -1;
171 }
172
173#define LOADSYM(s) \
174 sym = #s; \
175 dll_ ## s = (void *) GetProcAddress(dll, sym); \
176 if (dll_ ## s == NULL) \
177 goto fail;
178
179 LOADSYM(SCardEstablishContext);
180 LOADSYM(SCardReleaseContext);
181 LOADSYM(SCardListReadersA);
182 LOADSYM(SCardConnectA);
183 LOADSYM(SCardDisconnect);
184 LOADSYM(SCardTransmit);
185 LOADSYM(SCardBeginTransaction);
186 LOADSYM(SCardEndTransaction);
187 LOADSYM(g_rgSCardT0Pci);
188 LOADSYM(g_rgSCardT1Pci);
189
190#undef LOADSYM
191
192 return 0;
193
194fail:
195 wpa_printf(MSG_DEBUG, "WinSCard: Could not get address for %s from "
196 "winscard.dll", sym);
197 FreeLibrary(dll);
198 dll = NULL;
199 return -1;
200}
201
202
203static void mingw_unload_symbols(void)
204{
205 if (dll == NULL)
206 return;
207
208 FreeLibrary(dll);
209 dll = NULL;
210}
211
212#else /* __MINGW32_VERSION */
213
214#define mingw_load_symbols() 0
215#define mingw_unload_symbols() do { } while (0)
216
217#endif /* __MINGW32_VERSION */
218
219
220static int _scard_select_file(struct scard_data *scard, unsigned short file_id,
221 unsigned char *buf, size_t *buf_len,
222 sim_types sim_type, unsigned char *aid,
223 size_t aidlen);
224static int scard_select_file(struct scard_data *scard, unsigned short file_id,
225 unsigned char *buf, size_t *buf_len);
226static int scard_verify_pin(struct scard_data *scard, const char *pin);
227static int scard_get_record_len(struct scard_data *scard,
228 unsigned char recnum, unsigned char mode);
229static int scard_read_record(struct scard_data *scard,
230 unsigned char *data, size_t len,
231 unsigned char recnum, unsigned char mode);
232
233
234static int scard_parse_fsp_templ(unsigned char *buf, size_t buf_len,
235 int *ps_do, int *file_len)
236{
237 unsigned char *pos, *end;
238
239 if (ps_do)
240 *ps_do = -1;
241 if (file_len)
242 *file_len = -1;
243
244 pos = buf;
245 end = pos + buf_len;
246 if (*pos != USIM_FSP_TEMPL_TAG) {
247 wpa_printf(MSG_DEBUG, "SCARD: file header did not "
248 "start with FSP template tag");
249 return -1;
250 }
251 pos++;
252 if (pos >= end)
253 return -1;
254 if ((pos + pos[0]) < end)
255 end = pos + 1 + pos[0];
256 pos++;
257 wpa_hexdump(MSG_DEBUG, "SCARD: file header FSP template",
258 pos, end - pos);
259
260 while (pos + 1 < end) {
261 wpa_printf(MSG_MSGDUMP, "SCARD: file header TLV "
262 "0x%02x len=%d", pos[0], pos[1]);
263 if (pos + 2 + pos[1] > end)
264 break;
265
266 if (pos[0] == USIM_TLV_FILE_SIZE &&
267 (pos[1] == 1 || pos[1] == 2) && file_len) {
268 if (pos[1] == 1)
269 *file_len = (int) pos[2];
270 else
271 *file_len = ((int) pos[2] << 8) |
272 (int) pos[3];
273 wpa_printf(MSG_DEBUG, "SCARD: file_size=%d",
274 *file_len);
275 }
276
277 if (pos[0] == USIM_TLV_PIN_STATUS_TEMPLATE &&
278 pos[1] >= 2 && pos[2] == USIM_PS_DO_TAG &&
279 pos[3] >= 1 && ps_do) {
280 wpa_printf(MSG_DEBUG, "SCARD: PS_DO=0x%02x",
281 pos[4]);
282 *ps_do = (int) pos[4];
283 }
284
285 pos += 2 + pos[1];
286
287 if (pos == end)
288 return 0;
289 }
290 return -1;
291}
292
293
294static int scard_pin_needed(struct scard_data *scard,
295 unsigned char *hdr, size_t hlen)
296{
297 if (scard->sim_type == SCARD_GSM_SIM) {
298 if (hlen > SCARD_CHV1_OFFSET &&
299 !(hdr[SCARD_CHV1_OFFSET] & SCARD_CHV1_FLAG))
300 return 1;
301 return 0;
302 }
303
304 if (scard->sim_type == SCARD_USIM) {
305 int ps_do;
306 if (scard_parse_fsp_templ(hdr, hlen, &ps_do, NULL))
307 return -1;
308 /* TODO: there could be more than one PS_DO entry because of
309 * multiple PINs in key reference.. */
310 if (ps_do > 0 && (ps_do & 0x80))
311 return 1;
312 return 0;
313 }
314
315 return -1;
316}
317
318
319static int scard_get_aid(struct scard_data *scard, unsigned char *aid,
320 size_t maxlen)
321{
322 int rlen, rec;
323 struct efdir {
324 unsigned char appl_template_tag; /* 0x61 */
325 unsigned char appl_template_len;
326 unsigned char appl_id_tag; /* 0x4f */
327 unsigned char aid_len;
328 unsigned char rid[5];
329 unsigned char appl_code[2]; /* 0x1002 for 3G USIM */
330 } *efdir;
331 unsigned char buf[100];
332 size_t blen;
333
334 efdir = (struct efdir *) buf;
335 blen = sizeof(buf);
336 if (scard_select_file(scard, SCARD_FILE_EF_DIR, buf, &blen)) {
337 wpa_printf(MSG_DEBUG, "SCARD: Failed to read EF_DIR");
338 return -1;
339 }
340 wpa_hexdump(MSG_DEBUG, "SCARD: EF_DIR select", buf, blen);
341
342 for (rec = 1; rec < 10; rec++) {
343 rlen = scard_get_record_len(scard, rec,
344 SIM_RECORD_MODE_ABSOLUTE);
345 if (rlen < 0) {
346 wpa_printf(MSG_DEBUG, "SCARD: Failed to get EF_DIR "
347 "record length");
348 return -1;
349 }
350 blen = sizeof(buf);
351 if (rlen > (int) blen) {
352 wpa_printf(MSG_DEBUG, "SCARD: Too long EF_DIR record");
353 return -1;
354 }
355 if (scard_read_record(scard, buf, rlen, rec,
356 SIM_RECORD_MODE_ABSOLUTE) < 0) {
357 wpa_printf(MSG_DEBUG, "SCARD: Failed to read "
358 "EF_DIR record %d", rec);
359 return -1;
360 }
361 wpa_hexdump(MSG_DEBUG, "SCARD: EF_DIR record", buf, rlen);
362
363 if (efdir->appl_template_tag != 0x61) {
364 wpa_printf(MSG_DEBUG, "SCARD: Unexpected application "
365 "template tag 0x%x",
366 efdir->appl_template_tag);
367 continue;
368 }
369
370 if (efdir->appl_template_len > rlen - 2) {
371 wpa_printf(MSG_DEBUG, "SCARD: Too long application "
372 "template (len=%d rlen=%d)",
373 efdir->appl_template_len, rlen);
374 continue;
375 }
376
377 if (efdir->appl_id_tag != 0x4f) {
378 wpa_printf(MSG_DEBUG, "SCARD: Unexpected application "
379 "identifier tag 0x%x", efdir->appl_id_tag);
380 continue;
381 }
382
383 if (efdir->aid_len < 1 || efdir->aid_len > 16) {
384 wpa_printf(MSG_DEBUG, "SCARD: Invalid AID length %d",
385 efdir->aid_len);
386 continue;
387 }
388
389 wpa_hexdump(MSG_DEBUG, "SCARD: AID from EF_DIR record",
390 efdir->rid, efdir->aid_len);
391
392 if (efdir->appl_code[0] == 0x10 &&
393 efdir->appl_code[1] == 0x02) {
394 wpa_printf(MSG_DEBUG, "SCARD: 3G USIM app found from "
395 "EF_DIR record %d", rec);
396 break;
397 }
398 }
399
400 if (rec >= 10) {
401 wpa_printf(MSG_DEBUG, "SCARD: 3G USIM app not found "
402 "from EF_DIR records");
403 return -1;
404 }
405
406 if (efdir->aid_len > maxlen) {
407 wpa_printf(MSG_DEBUG, "SCARD: Too long AID");
408 return -1;
409 }
410
411 os_memcpy(aid, efdir->rid, efdir->aid_len);
412
413 return efdir->aid_len;
414}
415
416
417/**
418 * scard_init - Initialize SIM/USIM connection using PC/SC
419 * @sim_type: Allowed SIM types (SIM, USIM, or both)
420 * Returns: Pointer to private data structure, or %NULL on failure
421 *
422 * This function is used to initialize SIM/USIM connection. PC/SC is used to
423 * open connection to the SIM/USIM card and the card is verified to support the
424 * selected sim_type. In addition, local flag is set if a PIN is needed to
425 * access some of the card functions. Once the connection is not needed
426 * anymore, scard_deinit() can be used to close it.
427 */
428struct scard_data * scard_init(scard_sim_type sim_type)
429{
430 long ret;
431 unsigned long len;
432 struct scard_data *scard;
433#ifdef CONFIG_NATIVE_WINDOWS
434 TCHAR *readers = NULL;
435#else /* CONFIG_NATIVE_WINDOWS */
436 char *readers = NULL;
437#endif /* CONFIG_NATIVE_WINDOWS */
438 unsigned char buf[100];
439 size_t blen;
440 int transaction = 0;
441 int pin_needed;
442
443 wpa_printf(MSG_DEBUG, "SCARD: initializing smart card interface");
444 if (mingw_load_symbols())
445 return NULL;
446 scard = os_zalloc(sizeof(*scard));
447 if (scard == NULL)
448 return NULL;
449
450 ret = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL,
451 &scard->ctx);
452 if (ret != SCARD_S_SUCCESS) {
453 wpa_printf(MSG_DEBUG, "SCARD: Could not establish smart card "
454 "context (err=%ld)", ret);
455 goto failed;
456 }
457
458 ret = SCardListReaders(scard->ctx, NULL, NULL, &len);
459 if (ret != SCARD_S_SUCCESS) {
460 wpa_printf(MSG_DEBUG, "SCARD: SCardListReaders failed "
461 "(err=%ld)", ret);
462 goto failed;
463 }
464
465#ifdef UNICODE
466 len *= 2;
467#endif /* UNICODE */
468 readers = os_malloc(len);
469 if (readers == NULL) {
470 wpa_printf(MSG_INFO, "SCARD: malloc failed\n");
471 goto failed;
472 }
473
474 ret = SCardListReaders(scard->ctx, NULL, readers, &len);
475 if (ret != SCARD_S_SUCCESS) {
476 wpa_printf(MSG_DEBUG, "SCARD: SCardListReaders failed(2) "
477 "(err=%ld)", ret);
478 goto failed;
479 }
480 if (len < 3) {
481 wpa_printf(MSG_WARNING, "SCARD: No smart card readers "
482 "available.");
483 goto failed;
484 }
485 /* readers is a list of available reader. Last entry is terminated with
486 * double NUL.
487 * TODO: add support for selecting the reader; now just use the first
488 * one.. */
489#ifdef UNICODE
490 wpa_printf(MSG_DEBUG, "SCARD: Selected reader='%S'", readers);
491#else /* UNICODE */
492 wpa_printf(MSG_DEBUG, "SCARD: Selected reader='%s'", readers);
493#endif /* UNICODE */
494
495 ret = SCardConnect(scard->ctx, readers, SCARD_SHARE_SHARED,
496 SCARD_PROTOCOL_T0, &scard->card, &scard->protocol);
497 if (ret != SCARD_S_SUCCESS) {
498 if (ret == (long) SCARD_E_NO_SMARTCARD)
499 wpa_printf(MSG_INFO, "No smart card inserted.");
500 else
501 wpa_printf(MSG_WARNING, "SCardConnect err=%lx", ret);
502 goto failed;
503 }
504
505 os_free(readers);
506 readers = NULL;
507
508 wpa_printf(MSG_DEBUG, "SCARD: card=0x%x active_protocol=%lu (%s)",
509 (unsigned int) scard->card, scard->protocol,
510 scard->protocol == SCARD_PROTOCOL_T0 ? "T0" : "T1");
511
512 ret = SCardBeginTransaction(scard->card);
513 if (ret != SCARD_S_SUCCESS) {
514 wpa_printf(MSG_DEBUG, "SCARD: Could not begin transaction: "
515 "0x%x", (unsigned int) ret);
516 goto failed;
517 }
518 transaction = 1;
519
520 blen = sizeof(buf);
521
522 scard->sim_type = SCARD_GSM_SIM;
523 if (sim_type == SCARD_USIM_ONLY || sim_type == SCARD_TRY_BOTH) {
524 wpa_printf(MSG_DEBUG, "SCARD: verifying USIM support");
525 if (_scard_select_file(scard, SCARD_FILE_MF, buf, &blen,
526 SCARD_USIM, NULL, 0)) {
527 wpa_printf(MSG_DEBUG, "SCARD: USIM is not supported");
528 if (sim_type == SCARD_USIM_ONLY)
529 goto failed;
530 wpa_printf(MSG_DEBUG, "SCARD: Trying to use GSM SIM");
531 scard->sim_type = SCARD_GSM_SIM;
532 } else {
533 wpa_printf(MSG_DEBUG, "SCARD: USIM is supported");
534 scard->sim_type = SCARD_USIM;
535 }
536 }
537
538 if (scard->sim_type == SCARD_GSM_SIM) {
539 blen = sizeof(buf);
540 if (scard_select_file(scard, SCARD_FILE_MF, buf, &blen)) {
541 wpa_printf(MSG_DEBUG, "SCARD: Failed to read MF");
542 goto failed;
543 }
544
545 blen = sizeof(buf);
546 if (scard_select_file(scard, SCARD_FILE_GSM_DF, buf, &blen)) {
547 wpa_printf(MSG_DEBUG, "SCARD: Failed to read GSM DF");
548 goto failed;
549 }
550 } else {
551 unsigned char aid[32];
552 int aid_len;
553
554 aid_len = scard_get_aid(scard, aid, sizeof(aid));
555 if (aid_len < 0) {
556 wpa_printf(MSG_DEBUG, "SCARD: Failed to find AID for "
557 "3G USIM app - try to use standard 3G RID");
558 os_memcpy(aid, "\xa0\x00\x00\x00\x87", 5);
559 aid_len = 5;
560 }
561 wpa_hexdump(MSG_DEBUG, "SCARD: 3G USIM AID", aid, aid_len);
562
563 /* Select based on AID = 3G RID from EF_DIR. This is usually
564 * starting with A0 00 00 00 87. */
565 blen = sizeof(buf);
566 if (_scard_select_file(scard, 0, buf, &blen, scard->sim_type,
567 aid, aid_len)) {
568 wpa_printf(MSG_INFO, "SCARD: Failed to read 3G USIM "
569 "app");
570 wpa_hexdump(MSG_INFO, "SCARD: 3G USIM AID",
571 aid, aid_len);
572 goto failed;
573 }
574 }
575
576 /* Verify whether CHV1 (PIN1) is needed to access the card. */
577 pin_needed = scard_pin_needed(scard, buf, blen);
578 if (pin_needed < 0) {
579 wpa_printf(MSG_DEBUG, "SCARD: Failed to determine whether PIN "
580 "is needed");
581 goto failed;
582 }
583 if (pin_needed) {
584 scard->pin1_required = 1;
585 wpa_printf(MSG_DEBUG, "PIN1 needed for SIM access");
586 }
587
588 ret = SCardEndTransaction(scard->card, SCARD_LEAVE_CARD);
589 if (ret != SCARD_S_SUCCESS) {
590 wpa_printf(MSG_DEBUG, "SCARD: Could not end transaction: "
591 "0x%x", (unsigned int) ret);
592 }
593
594 return scard;
595
596failed:
597 if (transaction)
598 SCardEndTransaction(scard->card, SCARD_LEAVE_CARD);
599 os_free(readers);
600 scard_deinit(scard);
601 return NULL;
602}
603
604
605/**
606 * scard_set_pin - Set PIN (CHV1/PIN1) code for accessing SIM/USIM commands
607 * @scard: Pointer to private data from scard_init()
608 * @pin: PIN code as an ASCII string (e.g., "1234")
609 * Returns: 0 on success, -1 on failure
610 */
611int scard_set_pin(struct scard_data *scard, const char *pin)
612{
613 if (scard == NULL)
614 return -1;
615
616 /* Verify whether CHV1 (PIN1) is needed to access the card. */
617 if (scard->pin1_required) {
618 if (pin == NULL) {
619 wpa_printf(MSG_DEBUG, "No PIN configured for SIM "
620 "access");
621 return -1;
622 }
623 if (scard_verify_pin(scard, pin)) {
624 wpa_printf(MSG_INFO, "PIN verification failed for "
625 "SIM access");
626 return -1;
627 }
628 }
629
630 return 0;
631}
632
633
634/**
635 * scard_deinit - Deinitialize SIM/USIM connection
636 * @scard: Pointer to private data from scard_init()
637 *
638 * This function closes the SIM/USIM connect opened with scard_init().
639 */
640void scard_deinit(struct scard_data *scard)
641{
642 long ret;
643
644 if (scard == NULL)
645 return;
646
647 wpa_printf(MSG_DEBUG, "SCARD: deinitializing smart card interface");
648 if (scard->card) {
649 ret = SCardDisconnect(scard->card, SCARD_UNPOWER_CARD);
650 if (ret != SCARD_S_SUCCESS) {
651 wpa_printf(MSG_DEBUG, "SCARD: Failed to disconnect "
652 "smart card (err=%ld)", ret);
653 }
654 }
655
656 if (scard->ctx) {
657 ret = SCardReleaseContext(scard->ctx);
658 if (ret != SCARD_S_SUCCESS) {
659 wpa_printf(MSG_DEBUG, "Failed to release smart card "
660 "context (err=%ld)", ret);
661 }
662 }
663 os_free(scard);
664 mingw_unload_symbols();
665}
666
667
668static long scard_transmit(struct scard_data *scard,
669 unsigned char *_send, size_t send_len,
670 unsigned char *_recv, size_t *recv_len)
671{
672 long ret;
673 unsigned long rlen;
674
675 wpa_hexdump_key(MSG_DEBUG, "SCARD: scard_transmit: send",
676 _send, send_len);
677 rlen = *recv_len;
678 ret = SCardTransmit(scard->card,
679 scard->protocol == SCARD_PROTOCOL_T1 ?
680 SCARD_PCI_T1 : SCARD_PCI_T0,
681 _send, (unsigned long) send_len,
682 NULL, _recv, &rlen);
683 *recv_len = rlen;
684 if (ret == SCARD_S_SUCCESS) {
685 wpa_hexdump(MSG_DEBUG, "SCARD: scard_transmit: recv",
686 _recv, rlen);
687 } else {
688 wpa_printf(MSG_WARNING, "SCARD: SCardTransmit failed "
689 "(err=0x%lx)", ret);
690 }
691 return ret;
692}
693
694
695static int _scard_select_file(struct scard_data *scard, unsigned short file_id,
696 unsigned char *buf, size_t *buf_len,
697 sim_types sim_type, unsigned char *aid,
698 size_t aidlen)
699{
700 long ret;
701 unsigned char resp[3];
702 unsigned char cmd[50] = { SIM_CMD_SELECT };
703 int cmdlen;
704 unsigned char get_resp[5] = { SIM_CMD_GET_RESPONSE };
705 size_t len, rlen;
706
707 if (sim_type == SCARD_USIM) {
708 cmd[0] = USIM_CLA;
709 cmd[3] = 0x04;
710 get_resp[0] = USIM_CLA;
711 }
712
713 wpa_printf(MSG_DEBUG, "SCARD: select file %04x", file_id);
714 if (aid) {
715 wpa_hexdump(MSG_DEBUG, "SCARD: select file by AID",
716 aid, aidlen);
717 if (5 + aidlen > sizeof(cmd))
718 return -1;
719 cmd[2] = 0x04; /* Select by AID */
720 cmd[4] = aidlen; /* len */
721 os_memcpy(cmd + 5, aid, aidlen);
722 cmdlen = 5 + aidlen;
723 } else {
724 cmd[5] = file_id >> 8;
725 cmd[6] = file_id & 0xff;
726 cmdlen = 7;
727 }
728 len = sizeof(resp);
729 ret = scard_transmit(scard, cmd, cmdlen, resp, &len);
730 if (ret != SCARD_S_SUCCESS) {
731 wpa_printf(MSG_WARNING, "SCARD: SCardTransmit failed "
732 "(err=0x%lx)", ret);
733 return -1;
734 }
735
736 if (len != 2) {
737 wpa_printf(MSG_WARNING, "SCARD: unexpected resp len "
738 "%d (expected 2)", (int) len);
739 return -1;
740 }
741
742 if (resp[0] == 0x98 && resp[1] == 0x04) {
743 /* Security status not satisfied (PIN_WLAN) */
744 wpa_printf(MSG_WARNING, "SCARD: Security status not satisfied "
745 "(PIN_WLAN)");
746 return -1;
747 }
748
749 if (resp[0] == 0x6e) {
750 wpa_printf(MSG_DEBUG, "SCARD: used CLA not supported");
751 return -1;
752 }
753
754 if (resp[0] != 0x6c && resp[0] != 0x9f && resp[0] != 0x61) {
755 wpa_printf(MSG_WARNING, "SCARD: unexpected response 0x%02x "
756 "(expected 0x61, 0x6c, or 0x9f)", resp[0]);
757 return -1;
758 }
759 /* Normal ending of command; resp[1] bytes available */
760 get_resp[4] = resp[1];
761 wpa_printf(MSG_DEBUG, "SCARD: trying to get response (%d bytes)",
762 resp[1]);
763
764 rlen = *buf_len;
765 ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &rlen);
766 if (ret == SCARD_S_SUCCESS) {
767 *buf_len = resp[1] < rlen ? resp[1] : rlen;
768 return 0;
769 }
770
771 wpa_printf(MSG_WARNING, "SCARD: SCardTransmit err=0x%lx\n", ret);
772 return -1;
773}
774
775
776static int scard_select_file(struct scard_data *scard, unsigned short file_id,
777 unsigned char *buf, size_t *buf_len)
778{
779 return _scard_select_file(scard, file_id, buf, buf_len,
780 scard->sim_type, NULL, 0);
781}
782
783
784static int scard_get_record_len(struct scard_data *scard, unsigned char recnum,
785 unsigned char mode)
786{
787 unsigned char buf[255];
788 unsigned char cmd[5] = { SIM_CMD_READ_RECORD /* , len */ };
789 size_t blen;
790 long ret;
791
792 if (scard->sim_type == SCARD_USIM)
793 cmd[0] = USIM_CLA;
794 cmd[2] = recnum;
795 cmd[3] = mode;
796 cmd[4] = sizeof(buf);
797
798 blen = sizeof(buf);
799 ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
800 if (ret != SCARD_S_SUCCESS) {
801 wpa_printf(MSG_DEBUG, "SCARD: failed to determine file "
802 "length for record %d", recnum);
803 return -1;
804 }
805
806 wpa_hexdump(MSG_DEBUG, "SCARD: file length determination response",
807 buf, blen);
808
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]809 if (blen < 2 || (buf[0] != 0x6c && buf[0] != 0x67)) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]810 wpa_printf(MSG_DEBUG, "SCARD: unexpected response to file "
811 "length determination");
812 return -1;
813 }
814
815 return buf[1];
816}
817
818
819static int scard_read_record(struct scard_data *scard,
820 unsigned char *data, size_t len,
821 unsigned char recnum, unsigned char mode)
822{
823 unsigned char cmd[5] = { SIM_CMD_READ_RECORD /* , len */ };
824 size_t blen = len + 3;
825 unsigned char *buf;
826 long ret;
827
828 if (scard->sim_type == SCARD_USIM)
829 cmd[0] = USIM_CLA;
830 cmd[2] = recnum;
831 cmd[3] = mode;
832 cmd[4] = len;
833
834 buf = os_malloc(blen);
835 if (buf == NULL)
836 return -1;
837
838 ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
839 if (ret != SCARD_S_SUCCESS) {
840 os_free(buf);
841 return -2;
842 }
843 if (blen != len + 2) {
844 wpa_printf(MSG_DEBUG, "SCARD: record read returned unexpected "
845 "length %ld (expected %ld)",
846 (long) blen, (long) len + 2);
847 os_free(buf);
848 return -3;
849 }
850
851 if (buf[len] != 0x90 || buf[len + 1] != 0x00) {
852 wpa_printf(MSG_DEBUG, "SCARD: record read returned unexpected "
853 "status %02x %02x (expected 90 00)",
854 buf[len], buf[len + 1]);
855 os_free(buf);
856 return -4;
857 }
858
859 os_memcpy(data, buf, len);
860 os_free(buf);
861
862 return 0;
863}
864
865
866static int scard_read_file(struct scard_data *scard,
867 unsigned char *data, size_t len)
868{
869 unsigned char cmd[5] = { SIM_CMD_READ_BIN /* , len */ };
870 size_t blen = len + 3;
871 unsigned char *buf;
872 long ret;
873
874 cmd[4] = len;
875
876 buf = os_malloc(blen);
877 if (buf == NULL)
878 return -1;
879
880 if (scard->sim_type == SCARD_USIM)
881 cmd[0] = USIM_CLA;
882 ret = scard_transmit(scard, cmd, sizeof(cmd), buf, &blen);
883 if (ret != SCARD_S_SUCCESS) {
884 os_free(buf);
885 return -2;
886 }
887 if (blen != len + 2) {
888 wpa_printf(MSG_DEBUG, "SCARD: file read returned unexpected "
889 "length %ld (expected %ld)",
890 (long) blen, (long) len + 2);
891 os_free(buf);
892 return -3;
893 }
894
895 if (buf[len] != 0x90 || buf[len + 1] != 0x00) {
896 wpa_printf(MSG_DEBUG, "SCARD: file read returned unexpected "
897 "status %02x %02x (expected 90 00)",
898 buf[len], buf[len + 1]);
899 os_free(buf);
900 return -4;
901 }
902
903 os_memcpy(data, buf, len);
904 os_free(buf);
905
906 return 0;
907}
908
909
910static int scard_verify_pin(struct scard_data *scard, const char *pin)
911{
912 long ret;
913 unsigned char resp[3];
914 unsigned char cmd[5 + 8] = { SIM_CMD_VERIFY_CHV1 };
915 size_t len;
916
917 wpa_printf(MSG_DEBUG, "SCARD: verifying PIN");
918
919 if (pin == NULL || os_strlen(pin) > 8)
920 return -1;
921
922 if (scard->sim_type == SCARD_USIM)
923 cmd[0] = USIM_CLA;
924 os_memcpy(cmd + 5, pin, os_strlen(pin));
925 os_memset(cmd + 5 + os_strlen(pin), 0xff, 8 - os_strlen(pin));
926
927 len = sizeof(resp);
928 ret = scard_transmit(scard, cmd, sizeof(cmd), resp, &len);
929 if (ret != SCARD_S_SUCCESS)
930 return -2;
931
932 if (len != 2 || resp[0] != 0x90 || resp[1] != 0x00) {
933 wpa_printf(MSG_WARNING, "SCARD: PIN verification failed");
934 return -1;
935 }
936
937 wpa_printf(MSG_DEBUG, "SCARD: PIN verified successfully");
938 return 0;
939}
940
941
942/**
943 * scard_get_imsi - Read IMSI from SIM/USIM card
944 * @scard: Pointer to private data from scard_init()
945 * @imsi: Buffer for IMSI
946 * @len: Length of imsi buffer; set to IMSI length on success
947 * Returns: 0 on success, -1 if IMSI file cannot be selected, -2 if IMSI file
948 * selection returns invalid result code, -3 if parsing FSP template file fails
949 * (USIM only), -4 if IMSI does not fit in the provided imsi buffer (len is set
950 * to needed length), -5 if reading IMSI file fails.
951 *
952 * This function can be used to read IMSI from the SIM/USIM card. If the IMSI
953 * file is PIN protected, scard_set_pin() must have been used to set the
954 * correct PIN code before calling scard_get_imsi().
955 */
956int scard_get_imsi(struct scard_data *scard, char *imsi, size_t *len)
957{
958 unsigned char buf[100];
959 size_t blen, imsilen, i;
960 char *pos;
961
962 wpa_printf(MSG_DEBUG, "SCARD: reading IMSI from (GSM) EF-IMSI");
963 blen = sizeof(buf);
964 if (scard_select_file(scard, SCARD_FILE_GSM_EF_IMSI, buf, &blen))
965 return -1;
966 if (blen < 4) {
967 wpa_printf(MSG_WARNING, "SCARD: too short (GSM) EF-IMSI "
968 "header (len=%ld)", (long) blen);
969 return -2;
970 }
971
972 if (scard->sim_type == SCARD_GSM_SIM) {
973 blen = (buf[2] << 8) | buf[3];
974 } else {
975 int file_size;
976 if (scard_parse_fsp_templ(buf, blen, NULL, &file_size))
977 return -3;
978 blen = file_size;
979 }
980 if (blen < 2 || blen > sizeof(buf)) {
981 wpa_printf(MSG_DEBUG, "SCARD: invalid IMSI file length=%ld",
982 (long) blen);
983 return -3;
984 }
985
986 imsilen = (blen - 2) * 2 + 1;
987 wpa_printf(MSG_DEBUG, "SCARD: IMSI file length=%ld imsilen=%ld",
988 (long) blen, (long) imsilen);
989 if (blen < 2 || imsilen > *len) {
990 *len = imsilen;
991 return -4;
992 }
993
994 if (scard_read_file(scard, buf, blen))
995 return -5;
996
997 pos = imsi;
998 *pos++ = '0' + (buf[1] >> 4 & 0x0f);
999 for (i = 2; i < blen; i++) {
1000 unsigned char digit;
1001
1002 digit = buf[i] & 0x0f;
1003 if (digit < 10)
1004 *pos++ = '0' + digit;
1005 else
1006 imsilen--;
1007
1008 digit = buf[i] >> 4 & 0x0f;
1009 if (digit < 10)
1010 *pos++ = '0' + digit;
1011 else
1012 imsilen--;
1013 }
1014 *len = imsilen;
1015
1016 return 0;
1017}
1018
1019
1020/**
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame^]1021 * scard_get_mnc_len - Read length of MNC in the IMSI from SIM/USIM card
1022 * @scard: Pointer to private data from scard_init()
1023 * Returns: length (>0) on success, -1 if administrative data file cannot be
1024 * selected, -2 if administrative data file selection returns invalid result
1025 * code, -3 if parsing FSP template file fails (USIM only), -4 if length of
1026 * the file is unexpected, -5 if reading file fails, -6 if MNC length is not
1027 * in range (i.e. 2 or 3), -7 if MNC length is not available.
1028 *
1029 */
1030int scard_get_mnc_len(struct scard_data *scard)
1031{
1032 unsigned char buf[100];
1033 size_t blen;
1034 int file_size;
1035
1036 wpa_printf(MSG_DEBUG, "SCARD: reading MNC len from (GSM) EF-AD");
1037 blen = sizeof(buf);
1038 if (scard_select_file(scard, SCARD_FILE_GSM_EF_AD, buf, &blen))
1039 return -1;
1040 if (blen < 4) {
1041 wpa_printf(MSG_WARNING, "SCARD: too short (GSM) EF-AD "
1042 "header (len=%ld)", (long) blen);
1043 return -2;
1044 }
1045
1046 if (scard->sim_type == SCARD_GSM_SIM) {
1047 file_size = (buf[2] << 8) | buf[3];
1048 } else {
1049 if (scard_parse_fsp_templ(buf, blen, NULL, &file_size))
1050 return -3;
1051 }
1052 if (file_size == 3) {
1053 wpa_printf(MSG_DEBUG, "SCARD: MNC length not available");
1054 return -7;
1055 }
1056 if (file_size < 4 || file_size > (int) sizeof(buf)) {
1057 wpa_printf(MSG_DEBUG, "SCARD: invalid file length=%ld",
1058 (long) file_size);
1059 return -4;
1060 }
1061
1062 if (scard_read_file(scard, buf, file_size))
1063 return -5;
1064 buf[3] = buf[3] & 0x0f; /* upper nibble reserved for future use */
1065 if (buf[3] < 2 || buf[3] > 3) {
1066 wpa_printf(MSG_DEBUG, "SCARD: invalid MNC length=%ld",
1067 (long) buf[3]);
1068 return -6;
1069 }
1070 wpa_printf(MSG_DEBUG, "SCARD: MNC length=%ld", (long) buf[3]);
1071 return buf[3];
1072}
1073
1074
1075/**
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1076 * scard_gsm_auth - Run GSM authentication command on SIM card
1077 * @scard: Pointer to private data from scard_init()
1078 * @_rand: 16-byte RAND value from HLR/AuC
1079 * @sres: 4-byte buffer for SRES
1080 * @kc: 8-byte buffer for Kc
1081 * Returns: 0 on success, -1 if SIM/USIM connection has not been initialized,
1082 * -2 if authentication command execution fails, -3 if unknown response code
1083 * for authentication command is received, -4 if reading of response fails,
1084 * -5 if if response data is of unexpected length
1085 *
1086 * This function performs GSM authentication using SIM/USIM card and the
1087 * provided RAND value from HLR/AuC. If authentication command can be completed
1088 * successfully, SRES and Kc values will be written into sres and kc buffers.
1089 */
1090int scard_gsm_auth(struct scard_data *scard, const unsigned char *_rand,
1091 unsigned char *sres, unsigned char *kc)
1092{
1093 unsigned char cmd[5 + 1 + 16] = { SIM_CMD_RUN_GSM_ALG };
1094 int cmdlen;
1095 unsigned char get_resp[5] = { SIM_CMD_GET_RESPONSE };
1096 unsigned char resp[3], buf[12 + 3 + 2];
1097 size_t len;
1098 long ret;
1099
1100 if (scard == NULL)
1101 return -1;
1102
1103 wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - RAND", _rand, 16);
1104 if (scard->sim_type == SCARD_GSM_SIM) {
1105 cmdlen = 5 + 16;
1106 os_memcpy(cmd + 5, _rand, 16);
1107 } else {
1108 cmdlen = 5 + 1 + 16;
1109 cmd[0] = USIM_CLA;
1110 cmd[3] = 0x80;
1111 cmd[4] = 17;
1112 cmd[5] = 16;
1113 os_memcpy(cmd + 6, _rand, 16);
1114 }
1115 len = sizeof(resp);
1116 ret = scard_transmit(scard, cmd, cmdlen, resp, &len);
1117 if (ret != SCARD_S_SUCCESS)
1118 return -2;
1119
1120 if ((scard->sim_type == SCARD_GSM_SIM &&
1121 (len != 2 || resp[0] != 0x9f || resp[1] != 0x0c)) ||
1122 (scard->sim_type == SCARD_USIM &&
1123 (len != 2 || resp[0] != 0x61 || resp[1] != 0x0e))) {
1124 wpa_printf(MSG_WARNING, "SCARD: unexpected response for GSM "
1125 "auth request (len=%ld resp=%02x %02x)",
1126 (long) len, resp[0], resp[1]);
1127 return -3;
1128 }
1129 get_resp[4] = resp[1];
1130
1131 len = sizeof(buf);
1132 ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &len);
1133 if (ret != SCARD_S_SUCCESS)
1134 return -4;
1135
1136 if (scard->sim_type == SCARD_GSM_SIM) {
1137 if (len != 4 + 8 + 2) {
1138 wpa_printf(MSG_WARNING, "SCARD: unexpected data "
1139 "length for GSM auth (len=%ld, expected 14)",
1140 (long) len);
1141 return -5;
1142 }
1143 os_memcpy(sres, buf, 4);
1144 os_memcpy(kc, buf + 4, 8);
1145 } else {
1146 if (len != 1 + 4 + 1 + 8 + 2) {
1147 wpa_printf(MSG_WARNING, "SCARD: unexpected data "
1148 "length for USIM auth (len=%ld, "
1149 "expected 16)", (long) len);
1150 return -5;
1151 }
1152 if (buf[0] != 4 || buf[5] != 8) {
1153 wpa_printf(MSG_WARNING, "SCARD: unexpected SREC/Kc "
1154 "length (%d %d, expected 4 8)",
1155 buf[0], buf[5]);
1156 }
1157 os_memcpy(sres, buf + 1, 4);
1158 os_memcpy(kc, buf + 6, 8);
1159 }
1160
1161 wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - SRES", sres, 4);
1162 wpa_hexdump(MSG_DEBUG, "SCARD: GSM auth - Kc", kc, 8);
1163
1164 return 0;
1165}
1166
1167
1168/**
1169 * scard_umts_auth - Run UMTS authentication command on USIM card
1170 * @scard: Pointer to private data from scard_init()
1171 * @_rand: 16-byte RAND value from HLR/AuC
1172 * @autn: 16-byte AUTN value from HLR/AuC
1173 * @res: 16-byte buffer for RES
1174 * @res_len: Variable that will be set to RES length
1175 * @ik: 16-byte buffer for IK
1176 * @ck: 16-byte buffer for CK
1177 * @auts: 14-byte buffer for AUTS
1178 * Returns: 0 on success, -1 on failure, or -2 if USIM reports synchronization
1179 * failure
1180 *
1181 * This function performs AKA authentication using USIM card and the provided
1182 * RAND and AUTN values from HLR/AuC. If authentication command can be
1183 * completed successfully, RES, IK, and CK values will be written into provided
1184 * buffers and res_len is set to length of received RES value. If USIM reports
1185 * synchronization failure, the received AUTS value will be written into auts
1186 * buffer. In this case, RES, IK, and CK are not valid.
1187 */
1188int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand,
1189 const unsigned char *autn,
1190 unsigned char *res, size_t *res_len,
1191 unsigned char *ik, unsigned char *ck, unsigned char *auts)
1192{
1193 unsigned char cmd[5 + 1 + AKA_RAND_LEN + 1 + AKA_AUTN_LEN] =
1194 { USIM_CMD_RUN_UMTS_ALG };
1195 unsigned char get_resp[5] = { USIM_CMD_GET_RESPONSE };
1196 unsigned char resp[3], buf[64], *pos, *end;
1197 size_t len;
1198 long ret;
1199
1200 if (scard == NULL)
1201 return -1;
1202
1203 if (scard->sim_type == SCARD_GSM_SIM) {
1204 wpa_printf(MSG_ERROR, "SCARD: Non-USIM card - cannot do UMTS "
1205 "auth");
1206 return -1;
1207 }
1208
1209 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS auth - RAND", _rand, AKA_RAND_LEN);
1210 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS auth - AUTN", autn, AKA_AUTN_LEN);
1211 cmd[5] = AKA_RAND_LEN;
1212 os_memcpy(cmd + 6, _rand, AKA_RAND_LEN);
1213 cmd[6 + AKA_RAND_LEN] = AKA_AUTN_LEN;
1214 os_memcpy(cmd + 6 + AKA_RAND_LEN + 1, autn, AKA_AUTN_LEN);
1215
1216 len = sizeof(resp);
1217 ret = scard_transmit(scard, cmd, sizeof(cmd), resp, &len);
1218 if (ret != SCARD_S_SUCCESS)
1219 return -1;
1220
1221 if (len <= sizeof(resp))
1222 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS alg response", resp, len);
1223
1224 if (len == 2 && resp[0] == 0x98 && resp[1] == 0x62) {
1225 wpa_printf(MSG_WARNING, "SCARD: UMTS auth failed - "
1226 "MAC != XMAC");
1227 return -1;
1228 } else if (len != 2 || resp[0] != 0x61) {
1229 wpa_printf(MSG_WARNING, "SCARD: unexpected response for UMTS "
1230 "auth request (len=%ld resp=%02x %02x)",
1231 (long) len, resp[0], resp[1]);
1232 return -1;
1233 }
1234 get_resp[4] = resp[1];
1235
1236 len = sizeof(buf);
1237 ret = scard_transmit(scard, get_resp, sizeof(get_resp), buf, &len);
1238 if (ret != SCARD_S_SUCCESS || len > sizeof(buf))
1239 return -1;
1240
1241 wpa_hexdump(MSG_DEBUG, "SCARD: UMTS get response result", buf, len);
1242 if (len >= 2 + AKA_AUTS_LEN && buf[0] == 0xdc &&
1243 buf[1] == AKA_AUTS_LEN) {
1244 wpa_printf(MSG_DEBUG, "SCARD: UMTS Synchronization-Failure");
1245 os_memcpy(auts, buf + 2, AKA_AUTS_LEN);
1246 wpa_hexdump(MSG_DEBUG, "SCARD: AUTS", auts, AKA_AUTS_LEN);
1247 return -2;
1248 } else if (len >= 6 + IK_LEN + CK_LEN && buf[0] == 0xdb) {
1249 pos = buf + 1;
1250 end = buf + len;
1251
1252 /* RES */
1253 if (pos[0] > RES_MAX_LEN || pos + pos[0] > end) {
1254 wpa_printf(MSG_DEBUG, "SCARD: Invalid RES");
1255 return -1;
1256 }
1257 *res_len = *pos++;
1258 os_memcpy(res, pos, *res_len);
1259 pos += *res_len;
1260 wpa_hexdump(MSG_DEBUG, "SCARD: RES", res, *res_len);
1261
1262 /* CK */
1263 if (pos[0] != CK_LEN || pos + CK_LEN > end) {
1264 wpa_printf(MSG_DEBUG, "SCARD: Invalid CK");
1265 return -1;
1266 }
1267 pos++;
1268 os_memcpy(ck, pos, CK_LEN);
1269 pos += CK_LEN;
1270 wpa_hexdump(MSG_DEBUG, "SCARD: CK", ck, CK_LEN);
1271
1272 /* IK */
1273 if (pos[0] != IK_LEN || pos + IK_LEN > end) {
1274 wpa_printf(MSG_DEBUG, "SCARD: Invalid IK");
1275 return -1;
1276 }
1277 pos++;
1278 os_memcpy(ik, pos, IK_LEN);
1279 pos += IK_LEN;
1280 wpa_hexdump(MSG_DEBUG, "SCARD: IK", ik, IK_LEN);
1281
1282 return 0;
1283 }
1284
1285 wpa_printf(MSG_DEBUG, "SCARD: Unrecognized response");
1286 return -1;
1287}