omnirom · celogeek · Nov 29, 2013
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
@@ -1091,6 +1091,18 @@ static int eap_sm_get_scard_identity(struct eap_sm *sm,
 
 	return eap_sm_imsi_identity(sm, conf);
 #else /* PCSC_FUNCS */
+#ifdef CONFIG_RILD_FUNCS
+	u32 allowMethod = EAP_TYPE_NONE;
+	if (eap_allowed_method(sm, EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME))
+		allowMethod = EAP_TYPE_AKA_PRIME;
+	else if (eap_allowed_method(sm, EAP_VENDOR_IETF, EAP_TYPE_AKA))
+		allowMethod = EAP_TYPE_AKA;
+	else if (eap_allowed_method(sm, EAP_VENDOR_IETF, EAP_TYPE_SIM))
+		allowMethod = EAP_TYPE_SIM;
+	else
+		return -1;
+	return (conf->imsi && os_strcmp((const char*)conf->imsi, "\"none\"") != 0) ? 0:-1;
+#endif /* CONFIG_RILD_FUNCS */
 	return -1;
 #endif /* PCSC_FUNCS */
 }
@@ -1130,6 +1142,13 @@ struct wpabuf * eap_sm_buildIdentity(struct eap_sm *sm, int id, int encrypted)
 		identity_len = config->anonymous_identity_len;
 		wpa_hexdump_ascii(MSG_DEBUG, "EAP: using anonymous identity",
 				  identity, identity_len);
+#ifdef CONFIG_RILD_FUNCS
+	} else if (eap_sm_get_scard_identity(sm, config) == 0) {
+		identity = config->imsi;
+		identity_len = config->imsi_len;
+		wpa_hexdump_ascii(MSG_DEBUG, "permanent identity from "
+					  "IMSI", identity, identity_len);
+#endif
 	} else {
 		identity = config->identity;
 		identity_len = config->identity_len;
@@ -1949,6 +1968,14 @@ const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
 	struct eap_peer_config *config = eap_get_config(sm);
 	if (config == NULL)
 		return NULL;
+#ifdef CONFIG_RILD_FUNCS
+	if (sm->selectedMethod == EAP_TYPE_SIM
+		|| sm->selectedMethod == EAP_TYPE_AKA
+		|| sm->selectedMethod == EAP_TYPE_AKA_PRIME) {
+		*len = config->imsi_len;
+		return config->imsi;
+	}
+#endif
 	*len = config->identity_len;
 	return config->identity;
 }

diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
@@ -9,7 +9,6 @@
 #include "includes.h"
 
 #include "common.h"
-#include "pcsc_funcs.h"
 #include "crypto/crypto.h"
 #include "crypto/sha1.h"
 #include "crypto/sha256.h"
@@ -18,6 +17,11 @@
 #include "eap_config.h"
 #include "eap_i.h"
 
+#ifdef CONFIG_RILD_FUNCS
+#include "rild_funcs.h"
+#else
+#include "pcsc_funcs.h"
+#endif
 
 struct eap_aka_data {
 	u8 ik[EAP_AKA_IK_LEN], ck[EAP_AKA_CK_LEN], res[EAP_AKA_RES_MAX_LEN];
@@ -141,16 +145,47 @@ static void eap_aka_deinit(struct eap_sm *sm, void *priv)
 	}
 }
 
-
 static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
 {
 	struct eap_peer_config *conf;
-
+#ifdef CONFIG_RILD_FUNCS
+	int slotId = -1;
+#endif
 	wpa_printf(MSG_DEBUG, "EAP-AKA: UMTS authentication algorithm");
 
 	conf = eap_get_config(sm);
 	if (conf == NULL)
 		return -1;
+#ifdef CONFIG_RILD_FUNCS
+	slotId = conf->sim_slot==NULL ? -1:atoi((const char*)conf->sim_slot);
+	/* slotId < 0 means to use software sim simulator,
+		certification lab test need it to do eap-sim/aka test */
+	if (slotId < 0) {
+		u8 opc[16];
+		u8 k[16];
+		u8 sqn[6];
+		char passwd[100] = {0};
+		getSoftSimPassword(data->eap_method, passwd);
+		wpa_printf(MSG_DEBUG, "EAP-AKA: Use internal Milenage "
+			   "implementation for UMTS authentication");
+		if (os_strlen(passwd) < 78) {
+			wpa_printf(MSG_DEBUG, "EAP-AKA: invalid Milenage "
+				   "password");
+			return -1;
+		}
+		if (hexstr2bin(passwd, k, 16) || *(passwd+32)!=':'
+			|| hexstr2bin(passwd+32+1, opc, 16) || *(passwd+32+1+32)!=':'
+			|| hexstr2bin(passwd+32+1+32+1, sqn, 6))
+			return -1;
+
+		return milenage_check(opc, k, sqn, data->rand, data->autn,
+				      data->ik, data->ck,
+				      data->res, &data->res_len, data->auts);
+	}
+	return scard_umts_auth(slotId, data->rand,
+			       data->autn, data->res, &data->res_len,
+			       data->ik, data->ck, data->auts);
+#else /* CONFIG_RILD_FUNCS */
 	if (conf->pcsc) {
 		return scard_umts_auth(sm->scard_ctx, data->rand,
 				       data->autn, data->res, &data->res_len,
@@ -230,9 +265,8 @@ static int eap_aka_umts_auth(struct eap_sm *sm, struct eap_aka_data *data)
 	return -1;
 
 #endif /* CONFIG_USIM_HARDCODED */
+#endif /* CONFIG_RILD_FUNCS */
 }
-
-
 #define CLEAR_PSEUDONYM	0x01
 #define CLEAR_REAUTH_ID	0x02
 #define CLEAR_EAP_ID	0x04

diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
@@ -159,6 +159,12 @@ struct eap_peer_config {
 	 */
 	u8 *private_key_passwd;
 
+#ifdef CONFIG_RILD_FUNCS
+	u8 *imsi;
+	size_t imsi_len;
+	u8 *sim_slot;
+	size_t sim_slot_len;
+#endif
 	/**
 	 * dh_file - File path to DH/DSA parameters file (in PEM format)
 	 *

diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
@@ -9,13 +9,17 @@
 #include "includes.h"
 
 #include "common.h"
-#include "pcsc_funcs.h"
 #include "crypto/milenage.h"
 #include "crypto/random.h"
 #include "eap_peer/eap_i.h"
 #include "eap_config.h"
 #include "eap_common/eap_sim_common.h"
 
+#ifdef CONFIG_RILD_FUNCS
+#include "rild_funcs.h"
+#else
+#include "pcsc_funcs.h"
+#endif
 
 struct eap_sim_data {
 	u8 *ver_list;
@@ -144,16 +148,63 @@ static void eap_sim_deinit(struct eap_sm *sm, void *priv)
 	}
 }
 
-
 static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
 {
 	struct eap_peer_config *conf;
-
+#ifdef CONFIG_RILD_FUNCS
+	int slotId = -1;
+#endif
 	wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication algorithm");
 
 	conf = eap_get_config(sm);
 	if (conf == NULL)
 		return -1;
+#ifdef CONFIG_RILD_FUNCS
+	slotId = conf->sim_slot == NULL ? -1:atoi((const char*)conf->sim_slot);
+
+	/* slotId < 0 means to use software sim simulator,
+		certification lab test need it to do eap-sim/aka test*/
+	if (slotId < 0) {
+		u8 opc[16];
+		u8 k[16];
+		char passwd[100] = {0};
+		size_t i;
+		getSoftSimPassword(EAP_TYPE_SIM, passwd);
+		wpa_printf(MSG_DEBUG, "EAP-SIM: Use internal GSM-Milenage "
+			   "implementation for authentication");
+		if (hexstr2bin(passwd, k, 16) || *(passwd+32)!=':' || hexstr2bin(passwd+32+1, opc, 16))
+			return -1;
+
+		wpa_hexdump(MSG_DEBUG, "EAP-SIM, K",k,16);
+		wpa_hexdump(MSG_DEBUG, "EAP-SIM, opc",opc,16);
+		for (i = 0; i < data->num_chal; i++) {
+			if (gsm_milenage(opc, k, data->rand[i],
+					 data->sres[i], data->kc[i])) {
+				wpa_printf(MSG_DEBUG, "EAP-SIM: "
+					   "GSM-Milenage authentication "
+					   "could not be completed");
+				return -1;
+			}
+			wpa_hexdump(MSG_DEBUG, "EAP-SIM: RAND",
+					data->rand[i], GSM_RAND_LEN);
+			wpa_hexdump(MSG_DEBUG, "EAP-SIM: SRES",
+					data->sres[i], EAP_SIM_SRES_LEN);
+			wpa_hexdump(MSG_DEBUG, "EAP-SIM: Kc",
+					data->kc[i], EAP_SIM_KC_LEN);
+		}
+	} else if (scard_gsm_auth(slotId, data->rand[0],
+			   data->sres[0], data->kc[0]) ||
+		scard_gsm_auth(slotId, data->rand[1],
+			   data->sres[1], data->kc[1]) ||
+		(data->num_chal > 2 &&
+		 scard_gsm_auth(slotId, data->rand[2],
+				data->sres[2], data->kc[2]))) {
+		wpa_printf(MSG_DEBUG, "EAP-SIM: GSM SIM "
+			   "authentication could not be completed");
+		return -1;
+	}
+	return 0;
+#else /* CONFIG_RILD_FUNCS */
 	if (conf->pcsc) {
 		if (scard_gsm_auth(sm->scard_ctx, data->rand[0],
 				   data->sres[0], data->kc[0]) ||
@@ -254,9 +305,9 @@ static int eap_sim_gsm_auth(struct eap_sm *sm, struct eap_sim_data *data)
 	return -1;
 
 #endif /* CONFIG_SIM_HARDCODED */
+#endif /* CONFIG_RILD_FUNCS */
 }
 
-
 static int eap_sim_supported_ver(int version)
 {
 	return version == EAP_SIM_VERSION;

diff --git a/src/utils/os_unix.c b/src/utils/os_unix.c
@@ -263,7 +263,11 @@ int os_program_init(void)
 #ifdef ANDROID_SETGROUPS_OVERRIDE
 	gid_t groups[] = { ANDROID_SETGROUPS_OVERRIDE };
 #else /* ANDROID_SETGROUPS_OVERRIDE */
+#ifdef CONFIG_RILD_FUNCS /* add me into system group, to get permission for rild-oem socket accessing */
+	gid_t groups[] = { AID_INET, AID_WIFI, AID_KEYSTORE, AID_SYSTEM };
+#else
 	gid_t groups[] = { AID_INET, AID_WIFI, AID_KEYSTORE };
+#endif
 #endif /* ANDROID_SETGROUPS_OVERRIDE */
 	struct __user_cap_header_struct header;
 	struct __user_cap_data_struct cap;