#include "includes.h"
#include <sys/un.h>
#include "common.h"
#include "eap_common/eap_sim_common.h"
#include "eap_server/eap_sim_db.h"
#include "eloop.h"
Classes | |
struct | eap_sim_db_data |
struct | eap_sim_db_pending |
struct | eap_sim_pseudonym |
Functions | |
static void | eap_sim_db_add_pending (struct eap_sim_db_data *data, struct eap_sim_db_pending *entry) |
int | eap_sim_db_add_pseudonym (void *priv, const u8 *identity, size_t identity_len, char *pseudonym) |
int | eap_sim_db_add_reauth (void *priv, const u8 *identity, size_t identity_len, char *reauth_id, u16 counter, const u8 *mk) |
static struct eap_sim_reauth * | eap_sim_db_add_reauth_data (struct eap_sim_db_data *data, const u8 *identity, size_t identity_len, char *reauth_id, u16 counter) |
static void | eap_sim_db_aka_resp_auth (struct eap_sim_db_data *data, const char *imsi, char *buf) |
static void | eap_sim_db_close_socket (struct eap_sim_db_data *data) |
void | eap_sim_db_deinit (void *priv) |
static void | eap_sim_db_expire_pending (struct eap_sim_db_data *data) |
static void | eap_sim_db_free_pseudonym (struct eap_sim_pseudonym *p) |
static void | eap_sim_db_free_reauth (struct eap_sim_reauth *r) |
int | eap_sim_db_get_aka_auth (void *priv, const u8 *identity, size_t identity_len, u8 *_rand, u8 *autn, u8 *ik, u8 *ck, u8 *res, size_t *res_len, void *cb_session_ctx) |
int | eap_sim_db_get_gsm_triplets (void *priv, const u8 *identity, size_t identity_len, int max_chal, u8 *_rand, u8 *kc, u8 *sres, void *cb_session_ctx) |
static char * | eap_sim_db_get_next (struct eap_sim_db_data *data, char prefix) |
char * | eap_sim_db_get_next_pseudonym (void *priv, int aka) |
char * | eap_sim_db_get_next_reauth_id (void *priv, int aka) |
static struct eap_sim_db_pending * | eap_sim_db_get_pending (struct eap_sim_db_data *data, const u8 *imsi, size_t imsi_len, int aka) |
const u8 * | eap_sim_db_get_permanent (void *priv, const u8 *identity, size_t identity_len, size_t *len) |
static struct eap_sim_pseudonym * | eap_sim_db_get_pseudonym (struct eap_sim_db_data *data, const u8 *identity, size_t identity_len) |
static struct eap_sim_pseudonym * | eap_sim_db_get_pseudonym_id (struct eap_sim_db_data *data, const u8 *identity, size_t identity_len) |
static struct eap_sim_reauth * | eap_sim_db_get_reauth (struct eap_sim_db_data *data, const u8 *identity, size_t identity_len) |
struct eap_sim_reauth * | eap_sim_db_get_reauth_entry (void *priv, const u8 *identity, size_t identity_len) |
static struct eap_sim_reauth * | eap_sim_db_get_reauth_id (struct eap_sim_db_data *data, const u8 *identity, size_t identity_len) |
int | eap_sim_db_identity_known (void *priv, const u8 *identity, size_t identity_len) |
void * | eap_sim_db_init (const char *config, void(*get_complete_cb)(void *ctx, void *session_ctx), void *ctx) |
static int | eap_sim_db_open_socket (struct eap_sim_db_data *data) |
static void | eap_sim_db_receive (int sock, void *eloop_ctx, void *sock_ctx) |
void | eap_sim_db_remove_reauth (void *priv, struct eap_sim_reauth *reauth) |
int | eap_sim_db_resynchronize (void *priv, const u8 *identity, size_t identity_len, const u8 *auts, const u8 *_rand) |
static int | eap_sim_db_send (struct eap_sim_db_data *data, const char *msg, size_t len) |
static void | eap_sim_db_sim_resp_auth (struct eap_sim_db_data *data, const char *imsi, char *buf) |
static void eap_sim_db_add_pending | ( | struct eap_sim_db_data * | data, |
struct eap_sim_db_pending * | entry | ||
) | [static] |
Definition at line 100 of file eap_sim_db.c.
int eap_sim_db_add_pseudonym | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len, | ||
char * | pseudonym | ||
) |
eap_sim_db_add_pseudonym - EAP-SIM DB: Add new pseudonym. @priv: Private data pointer from eap_sim_db_init(). @identity: Identity of the user (may be the permanent identity or a pseudonym). @identity_len: Length of identity in bytes. @pseudonym: Pseudonym for this user. This needs to be an allocated buffer, e.g., the return value from eap_sim_db_get_next_pseudonym(). Ownership of the buffer passes to the EAP-SIM DB with this call: the caller must not free it and should not keep using it afterwards. Returns: 0 on success, -1 on failure.
This function adds a new pseudonym for an EAP-SIM user. The EAP-SIM DB is responsible for freeing the pseudonym buffer once it is no longer needed.
Definition at line 900 of file eap_sim_db.c.
int eap_sim_db_add_reauth | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len, | ||
char * | reauth_id, | ||
u16 | counter, | ||
const u8 * | mk | ||
) |
eap_sim_db_add_reauth - EAP-SIM DB: Add new re-authentication entry. @priv: Private data pointer from eap_sim_db_init(). @identity: Identity of the user (may be the permanent identity or a pseudonym). @identity_len: Length of identity in bytes. @reauth_id: reauth_id for this user. This needs to be an allocated buffer, e.g., the return value from eap_sim_db_get_next_reauth_id(). Ownership of the buffer passes to the EAP-SIM DB with this call: the caller must not free it. @counter: AT_COUNTER value for fast re-authentication. @mk: 16-byte MK (key material) from the previous full authentication, or NULL. Returns: 0 on success, -1 on failure.
This function adds a new re-authentication entry for an EAP-SIM user. The EAP-SIM DB is responsible for freeing the reauth_id buffer once it is no longer needed.
Definition at line 1007 of file eap_sim_db.c.
static struct eap_sim_reauth* eap_sim_db_add_reauth_data | ( | struct eap_sim_db_data * | data, |
const u8 * | identity, | ||
size_t | identity_len, | ||
char * | reauth_id, | ||
u16 | counter | ||
) | [static, read] |
Definition at line 946 of file eap_sim_db.c.
static void eap_sim_db_aka_resp_auth | ( | struct eap_sim_db_data * | data, |
const char * | imsi, | ||
char * | buf | ||
) | [static] |
Definition at line 187 of file eap_sim_db.c.
static void eap_sim_db_close_socket | ( | struct eap_sim_db_data * | data | ) | [static] |
Definition at line 375 of file eap_sim_db.c.
void eap_sim_db_deinit | ( | void * | priv | ) |
eap_sim_db_deinit - Deinitialize EAP-SIM DB/authentication gw interface : Private data pointer from eap_sim_db_init()
Definition at line 449 of file eap_sim_db.c.
static void eap_sim_db_expire_pending | ( | struct eap_sim_db_data * | data | ) | [static] |
Definition at line 512 of file eap_sim_db.c.
static void eap_sim_db_free_pseudonym | ( | struct eap_sim_pseudonym * | p | ) | [static] |
Definition at line 429 of file eap_sim_db.c.
static void eap_sim_db_free_reauth | ( | struct eap_sim_reauth * | r | ) | [static] |
Definition at line 437 of file eap_sim_db.c.
int eap_sim_db_get_aka_auth | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len, | ||
u8 * | _rand, | ||
u8 * | autn, | ||
u8 * | ik, | ||
u8 * | ck, | ||
u8 * | res, | ||
size_t * | res_len, | ||
void * | cb_session_ctx | ||
) |
eap_sim_db_get_aka_auth - Get AKA authentication values. @priv: Private data pointer from eap_sim_db_init(). @identity: User name identity. @identity_len: Length of identity in bytes. @_rand: Buffer for the RAND value. @autn: Buffer for the AUTN value. @ik: Buffer for the IK value. @ck: Buffer for the CK value. @res: Buffer for the RES value. @res_len: Buffer for the RES length. @cb_session_ctx: Session callback context for get_complete_cb(). Returns: 0 on success, -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not found), or -2 (EAP_SIM_DB_PENDING) if the results are not yet available. In the pending case, the callback function registered with eap_sim_db_init() will be called once the results become available, and the caller must then call this function again to retrieve them.
In most cases, the user name is '0' | IMSI, i.e., the character '0' followed by the IMSI in ASCII format.
When using an external server for AKA authentication, this function can always start a request and return EAP_SIM_DB_PENDING immediately if the authentication data are not yet available. Once the authentication data are received, the callback function registered with eap_sim_db_init() is called to notify the EAP state machine to reprocess the message. eap_sim_db_get_aka_auth() will then be called again, and the newly received authentication data (RAND, AUTN, IK, CK, RES) will be given to the caller.
Definition at line 1174 of file eap_sim_db.c.
int eap_sim_db_get_gsm_triplets | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len, | ||
int | max_chal, | ||
u8 * | _rand, | ||
u8 * | kc, | ||
u8 * | sres, | ||
void * | cb_session_ctx | ||
) |
eap_sim_db_get_gsm_triplets - Get GSM triplets. @priv: Private data pointer from eap_sim_db_init(). @identity: User name identity. @identity_len: Length of identity in bytes. @max_chal: Maximum number of triplets to return; the _rand, kc and sres buffers are expected to have room for this many entries. @_rand: Buffer for the RAND values. @kc: Buffer for the Kc values. @sres: Buffer for the SRES values. @cb_session_ctx: Session callback context for get_complete_cb(). Returns: Number of triplets received (never more than max_chal), -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not found), or -2 (EAP_SIM_DB_PENDING) if the results are not yet available. In the pending case, the callback function registered with eap_sim_db_init() will be called once the results become available, and the caller must then call this function again to retrieve them.
In most cases, the user name is '1' | IMSI, i.e., the character '1' followed by the IMSI in ASCII format.
When using an external server for GSM triplets, this function can always start a request and return EAP_SIM_DB_PENDING immediately if the triplets are not yet available. Once the triplets are received, the callback function registered with eap_sim_db_init() is called to notify the EAP state machine to reprocess the message. eap_sim_db_get_gsm_triplets() will then be called again, and the newly received triplets will be given to the caller.
Definition at line 547 of file eap_sim_db.c.
static char* eap_sim_db_get_next | ( | struct eap_sim_db_data * | data, |
char | prefix | ||
) | [static] |
Definition at line 828 of file eap_sim_db.c.
char* eap_sim_db_get_next_pseudonym | ( | void * | priv, |
int | aka | ||
) |
eap_sim_db_get_next_pseudonym - EAP-SIM DB: Get next pseudonym. @priv: Private data pointer from eap_sim_db_init(). @aka: Set when EAP-AKA is used instead of EAP-SIM. Returns: Next pseudonym (allocated string) or NULL on failure.
This function is used to generate a pseudonym for EAP-SIM. The returned pseudonym is not added to the database at this point; it must be added with eap_sim_db_add_pseudonym() once the authentication has completed successfully, at which point ownership of the buffer passes to the DB. Until then (or if it is never added), the caller is responsible for freeing the returned buffer.
Definition at line 859 of file eap_sim_db.c.
char* eap_sim_db_get_next_reauth_id | ( | void * | priv, |
int | aka | ||
) |
eap_sim_db_get_next_reauth_id - EAP-SIM DB: Get next reauth_id. @priv: Private data pointer from eap_sim_db_init(). @aka: Set when EAP-AKA is used instead of EAP-SIM. Returns: Next reauth_id (allocated string) or NULL on failure.
This function is used to generate a fast re-authentication identity for EAP-SIM. The returned reauth_id is not added to the database at this point; it must be added with eap_sim_db_add_reauth() once the authentication has completed successfully, at which point ownership of the buffer passes to the DB. Until then (or if it is never added), the caller is responsible for freeing the returned buffer.
Definition at line 879 of file eap_sim_db.c.
static struct eap_sim_db_pending* eap_sim_db_get_pending | ( | struct eap_sim_db_data * | data, |
const u8 * | imsi, | ||
size_t | imsi_len, | ||
int | aka | ||
) | [static, read] |
Definition at line 78 of file eap_sim_db.c.
const u8* eap_sim_db_get_permanent | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len, | ||
size_t * | len | ||
) |
eap_sim_db_get_permanent - EAP-SIM DB: Get permanent identity. @priv: Private data pointer from eap_sim_db_init(). @identity: Identity of the user (may be the permanent identity or a pseudonym). @identity_len: Length of identity in bytes. @len: Buffer for the length (in bytes) of the returned permanent identity. Returns: Pointer to the permanent identity, or NULL if not found.
Definition at line 1076 of file eap_sim_db.c.
static struct eap_sim_pseudonym* eap_sim_db_get_pseudonym | ( | struct eap_sim_db_data * | data, |
const u8 * | identity, | ||
size_t | identity_len | ||
) | [static, read] |
Definition at line 646 of file eap_sim_db.c.
static struct eap_sim_pseudonym* eap_sim_db_get_pseudonym_id | ( | struct eap_sim_db_data * | data, |
const u8 * | identity, | ||
size_t | identity_len | ||
) | [static, read] |
Definition at line 686 of file eap_sim_db.c.
static struct eap_sim_reauth* eap_sim_db_get_reauth | ( | struct eap_sim_db_data * | data, |
const u8 * | identity, | ||
size_t | identity_len | ||
) | [static, read] |
Definition at line 709 of file eap_sim_db.c.
struct eap_sim_reauth* eap_sim_db_get_reauth_entry | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len | ||
) | [read] |
eap_sim_db_get_reauth_entry - EAP-SIM DB: Get re-authentication entry. @priv: Private data pointer from eap_sim_db_init(). @identity: Identity of the user (may be the permanent identity, a pseudonym, or a reauth_id). @identity_len: Length of identity in bytes. Returns: Pointer to the re-authentication entry, or NULL if not found.
Definition at line 1105 of file eap_sim_db.c.
static struct eap_sim_reauth* eap_sim_db_get_reauth_id | ( | struct eap_sim_db_data * | data, |
const u8 * | identity, | ||
size_t | identity_len | ||
) | [static, read] |
Definition at line 749 of file eap_sim_db.c.
int eap_sim_db_identity_known | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len | ||
) |
eap_sim_db_identity_known - Verify whether the given identity is known. @priv: Private data pointer from eap_sim_db_init(). @identity: User name identity. @identity_len: Length of identity in bytes. Returns: 0 if the identity is known, -1 if it is not found (or on failure).
In most cases, the user name is ['0','1'] | IMSI, i.e., the IMSI in ASCII format prefixed with '0' (EAP-AKA) or '1' (EAP-SIM); ['2','3'] | pseudonym; or ['4','5'] | reauth_id.
Definition at line 788 of file eap_sim_db.c.
void* eap_sim_db_init | ( | const char * | config, |
void(*)(void *ctx, void *session_ctx) | get_complete_cb, | ||
void * | ctx | ||
) |
eap_sim_db_init - Initialize EAP-SIM DB / authentication gateway interface. @config: Configuration data (e.g., a file name). @get_complete_cb: Callback function for reporting the availability of authentication data (triplets or AKA values) requested earlier with EAP_SIM_DB_PENDING. @ctx: Context pointer passed to get_complete_cb. Returns: Pointer to a private data structure, or NULL on failure.
Definition at line 397 of file eap_sim_db.c.
static int eap_sim_db_open_socket | ( | struct eap_sim_db_data * | data | ) | [static] |
Definition at line 330 of file eap_sim_db.c.
static void eap_sim_db_receive | ( | int | sock, |
void * | eloop_ctx, | ||
void * | sock_ctx | ||
) | [static] |
Definition at line 278 of file eap_sim_db.c.
void eap_sim_db_remove_reauth | ( | void * | priv, |
struct eap_sim_reauth * | reauth | ||
) |
eap_sim_db_remove_reauth - EAP-SIM DB: Remove re-authentication entry. @priv: Private data pointer from eap_sim_db_init(). @reauth: Pointer to the re-authentication entry, as returned by eap_sim_db_get_reauth_entry(). The entry must not be used by the caller after this call.
Definition at line 1126 of file eap_sim_db.c.
int eap_sim_db_resynchronize | ( | void * | priv, |
const u8 * | identity, | ||
size_t | identity_len, | ||
const u8 * | auts, | ||
const u8 * | _rand | ||
) |
eap_sim_db_resynchronize - Resynchronize AKA AUTN. @priv: Private data pointer from eap_sim_db_init(). @identity: User name identity. @identity_len: Length of identity in bytes. @auts: AUTS value from the peer. @_rand: RAND value used in the rejected message. Returns: 0 on success, -1 on failure.
This function is called when the peer reports a synchronization failure in the AUTN value by sending AUTS. The AUTS and RAND values should be sent to the HLR/AuC to allow it to resynchronize with the peer. After this, eap_sim_db_get_aka_auth() will be called again to fetch updated RAND/AUTN values for the next challenge.
Definition at line 1281 of file eap_sim_db.c.
static int eap_sim_db_send | ( | struct eap_sim_db_data * | data, |
const char * | msg, | ||
size_t | len | ||
) | [static] |
Definition at line 484 of file eap_sim_db.c.
static void eap_sim_db_sim_resp_auth | ( | struct eap_sim_db_data * | data, |
const char * | imsi, | ||
char * | buf | ||
) | [static] |
Definition at line 108 of file eap_sim_db.c.