hostapd / EAP-SIM database/authenticator gateway
#include "includes.h"
#include <sys/un.h>
#include "common.h"
#include "crypto/random.h"
#include "eap_common/eap_sim_common.h"
#include "eap_server/eap_sim_db.h"
#include "eloop.h"
Data Structures
struct | eap_sim_pseudonym |
struct | eap_sim_db_pending |
struct | eap_sim_db_data |
Functions
struct eap_sim_db_data * | eap_sim_db_init (const char *config, void(*get_complete_cb)(void *ctx, void *session_ctx), void *ctx) |
Initialize EAP-SIM DB / authentication gateway interface. More... | |
void | eap_sim_db_deinit (void *priv) |
Deinitialize EAP-SIM DB/authentication gw interface. More... | |
int | eap_sim_db_get_gsm_triplets (struct eap_sim_db_data *data, const char *username, int max_chal, u8 *_rand, u8 *kc, u8 *sres, void *cb_session_ctx) |
Get GSM triplets. More... | |
char * | eap_sim_db_get_next_pseudonym (struct eap_sim_db_data *data, enum eap_sim_db_method method) |
EAP-SIM DB: Get next pseudonym. More... | |
char * | eap_sim_db_get_next_reauth_id (struct eap_sim_db_data *data, enum eap_sim_db_method method) |
EAP-SIM DB: Get next reauth_id. More... | |
int | eap_sim_db_add_pseudonym (struct eap_sim_db_data *data, const char *permanent, char *pseudonym) |
EAP-SIM DB: Add new pseudonym. More... | |
int | eap_sim_db_add_reauth (struct eap_sim_db_data *data, const char *permanent, char *reauth_id, u16 counter, const u8 *mk) |
EAP-SIM DB: Add new re-authentication entry. More... | |
const char * | eap_sim_db_get_permanent (struct eap_sim_db_data *data, const char *pseudonym) |
EAP-SIM DB: Get permanent identity. More... | |
struct eap_sim_reauth * | eap_sim_db_get_reauth_entry (struct eap_sim_db_data *data, const char *reauth_id) |
EAP-SIM DB: Get re-authentication entry. More... | |
void | eap_sim_db_remove_reauth (struct eap_sim_db_data *data, struct eap_sim_reauth *reauth) |
EAP-SIM DB: Remove re-authentication entry. More... | |
int | eap_sim_db_get_aka_auth (struct eap_sim_db_data *data, const char *username, u8 *_rand, u8 *autn, u8 *ik, u8 *ck, u8 *res, size_t *res_len, void *cb_session_ctx) |
Get AKA authentication values. More... | |
int | eap_sim_db_resynchronize (struct eap_sim_db_data *data, const char *username, const u8 *auts, const u8 *_rand) |
Resynchronize AKA AUTN. More... | |
char * | sim_get_username (const u8 *identity, size_t identity_len) |
Extract username from SIM identity. More... | |
hostapd / EAP-SIM database/authenticator gateway
This is an example implementation of the EAP-SIM/AKA database/authentication gateway interface that uses an external program as an SS7 gateway to a GSM/UMTS authentication center (HLR/AuC). hlr_auc_gw is an example implementation of such a gateway program. This eap_sim_db.c takes care of EAP-SIM/AKA pseudonyms and re-auth identities. It can be used with different gateway implementations for HLR/AuC access. Alternatively, it can also be completely replaced if the in-memory database of pseudonyms/re-auth identities is not suitable for some cases.
int eap_sim_db_add_pseudonym | ( | struct eap_sim_db_data * | data, |
const char * | permanent, | ||
char * | pseudonym | ||
) |
EAP-SIM DB: Add new pseudonym.
data | Private data pointer from eap_sim_db_init() |
permanent | Permanent username |
pseudonym | Pseudonym for this user. This needs to be an allocated buffer, e.g., return value from eap_sim_db_get_next_pseudonym(). Caller must not free it. |
This function adds a new pseudonym for an EAP-SIM user. EAP-SIM DB is responsible for freeing the pseudonym buffer once it is no longer needed; the caller must not free it after a successful call.
int eap_sim_db_add_reauth | ( | struct eap_sim_db_data * | data, |
const char * | permanent, | ||
char * | reauth_id, | ||
u16 | counter, | ||
const u8 * | mk | ||
) |
EAP-SIM DB: Add new re-authentication entry.
data | Private data pointer from eap_sim_db_init() |
permanent | Permanent username |
identity_len | Length of identity |
reauth_id | reauth_id for this user. This needs to be an allocated buffer, e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not free it. |
counter | AT_COUNTER value for fast re-authentication |
mk | 16-byte MK from the previous full authentication or NULL |
This function adds a new re-authentication entry for an EAP-SIM user. EAP-SIM DB is responsible for freeing the reauth_id buffer once it is no longer needed; the caller must not free it after a successful call.
void eap_sim_db_deinit | ( | void * | priv | ) |
Deinitialize EAP-SIM DB/authentication gw interface.
priv | Private data pointer from eap_sim_db_init() |
int eap_sim_db_get_aka_auth | ( | struct eap_sim_db_data * | data, |
const char * | username, | ||
u8 * | _rand, | ||
u8 * | autn, | ||
u8 * | ik, | ||
u8 * | ck, | ||
u8 * | res, | ||
size_t * | res_len, | ||
void * | cb_session_ctx | ||
) |
Get AKA authentication values.
data | Private data pointer from eap_sim_db_init() |
username | Permanent username (prefix | IMSI) |
_rand | Buffer for RAND value |
autn | Buffer for AUTN value |
ik | Buffer for IK value |
ck | Buffer for CK value |
res | Buffer for RES value |
res_len | Buffer for RES length |
cb_session_ctx | Session callback context for get_complete_cb() |
When using an external server for AKA authentication, this function can always start a request and return EAP_SIM_DB_PENDING immediately if the authentication data are not yet available. Once the authentication data are received, the callback function registered with eap_sim_db_init() is called to notify the EAP state machine to reprocess the message. This eap_sim_db_get_aka_auth() function will then be called again and the newly received values will be given to the caller.
int eap_sim_db_get_gsm_triplets | ( | struct eap_sim_db_data * | data, |
const char * | username, | ||
int | max_chal, | ||
u8 * | _rand, | ||
u8 * | kc, | ||
u8 * | sres, | ||
void * | cb_session_ctx | ||
) |
Get GSM triplets.
data | Private data pointer from eap_sim_db_init() |
username | Permanent username (prefix | IMSI) |
max_chal | Maximum number of triplets |
_rand | Buffer for RAND values |
kc | Buffer for Kc values |
sres | Buffer for SRES values |
cb_session_ctx | Session callback context for get_complete_cb() |
When using an external server for GSM triplets, this function can always start a request and return EAP_SIM_DB_PENDING immediately if authentication triplets are not yet available. Once the triplets are received, the callback function registered with eap_sim_db_init() is called to notify the EAP state machine to reprocess the message. This eap_sim_db_get_gsm_triplets() function will then be called again and the newly received triplets will be given to the caller.
char* eap_sim_db_get_next_pseudonym | ( | struct eap_sim_db_data * | data, |
enum eap_sim_db_method | method | ||
) |
EAP-SIM DB: Get next pseudonym.
data | Private data pointer from eap_sim_db_init() |
method | EAP method (SIM/AKA/AKA') |
This function is used to generate a pseudonym for EAP-SIM. The returned pseudonym is not added to the database at this point; it will need to be added with eap_sim_db_add_pseudonym() once the authentication has been completed successfully. The caller is responsible for freeing the returned buffer (ownership passes to EAP-SIM DB only when it is handed to eap_sim_db_add_pseudonym()).
char* eap_sim_db_get_next_reauth_id | ( | struct eap_sim_db_data * | data, |
enum eap_sim_db_method | method | ||
) |
EAP-SIM DB: Get next reauth_id.
data | Private data pointer from eap_sim_db_init() |
method | EAP method (SIM/AKA/AKA') |
This function is used to generate a fast re-authentication identity for EAP-SIM. The returned reauth_id is not added to the database at this point; it will need to be added with eap_sim_db_add_reauth() once the authentication has been completed successfully. The caller is responsible for freeing the returned buffer (ownership passes to EAP-SIM DB only when it is handed to eap_sim_db_add_reauth()).
const char* eap_sim_db_get_permanent | ( | struct eap_sim_db_data * | data, |
const char * | pseudonym | ||
) |
EAP-SIM DB: Get permanent identity.
data | Private data pointer from eap_sim_db_init() |
pseudonym | Pseudonym username |
struct eap_sim_reauth* eap_sim_db_get_reauth_entry | ( | struct eap_sim_db_data * | data, |
const char * | reauth_id | ||
) |
EAP-SIM DB: Get re-authentication entry.
data | Private data pointer from eap_sim_db_init() |
reauth_id | Fast re-authentication username |
struct eap_sim_db_data* eap_sim_db_init | ( | const char * | config, |
void(*)(void *ctx, void *session_ctx) | get_complete_cb, | ||
void * | ctx | ||
) |
Initialize EAP-SIM DB / authentication gateway interface.
config | Configuration data (e.g., file name) |
get_complete_cb | Callback function for reporting availability of triplets |
ctx | Context pointer for get_complete_cb |
void eap_sim_db_remove_reauth | ( | struct eap_sim_db_data * | data, |
struct eap_sim_reauth * | reauth | ||
) |
EAP-SIM DB: Remove re-authentication entry.
data | Private data pointer from eap_sim_db_init() |
reauth | Pointer to re-authentication entry from eap_sim_db_get_reauth_entry() |
int eap_sim_db_resynchronize | ( | struct eap_sim_db_data * | data, |
const char * | username, | ||
const u8 * | auts, | ||
const u8 * | _rand | ||
) |
Resynchronize AKA AUTN.
data | Private data pointer from eap_sim_db_init() |
username | Permanent username |
auts | AUTS value from the peer |
_rand | RAND value used in the rejected message |
This function is called when the peer reports a synchronization failure in the AUTN value by sending AUTS. The AUTS and RAND values should be sent to the HLR/AuC to allow it to resynchronize with the peer. After this, eap_sim_db_get_aka_auth() will be called again to fetch updated RAND/AUTN values for the next challenge.
char* sim_get_username | ( | const u8 * | identity, |
size_t | identity_len | ||
) |
Extract username from SIM identity.
identity | Identity |
identity_len | Identity length |
The caller is responsible for freeing the returned buffer with os_free().