The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Data Structures | Enumerations
eap_aka.h File Reference

Declarations for EAP-AKA. More...

#include <freeradius-devel/sim/base.h>
+ Include dependency graph for eap_aka.h:

Go to the source code of this file.

Data Structures

struct  eap_aka_actions_t
 Cache sections to call on various protocol events. More...
 
struct  eap_aka_session_t
 
struct  rlm_eap_aka_t
 

Enumerations

enum  eap_aka_server_state_t {
  EAP_AKA_SERVER_IDENTITY = 0 ,
  EAP_AKA_SERVER_CHALLENGE ,
  EAP_AKA_SERVER_SUCCESS_NOTIFICATION ,
  EAP_AKA_SERVER_SUCCESS ,
  EAP_AKA_SERVER_FAILURE_NOTIFICATION ,
  EAP_AKA_SERVER_FAILURE ,
  EAP_AKA_SERVER_MAX_STATES
}
 Server states. More...
 

Detailed Description

Declarations for EAP-AKA.

Id
8f2ad778d82813a0f5ae172c05834ba9d99c8386
Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
Copyright
2016 The FreeRADIUS server project
2016 Network RADIUS SAS (legal.com)

Definition in file eap_aka.h.

Data Structure Documentation

◆ eap_aka_actions_t

struct eap_aka_actions_t

Cache sections to call on various protocol events.

Definition at line 49 of file eap_aka.h.

+ Collaboration diagram for eap_aka_actions_t:
Data Fields
CONF_SECTION * clear_session Clear authentication vectors.
CONF_SECTION * load_session Load cached authentication vectors.
CONF_SECTION * recv_authentication_reject Called if the supplicant rejects the authentication attempt.
CONF_SECTION * recv_challenge_response Called when we receive a response to a previous challenge.
CONF_SECTION * recv_client_error Called if the supplicant experiences an error of some kind.
CONF_SECTION * recv_eap_identity_response The initial state, entered into after we receive an EAP-Identity-Response.

The result of this section determines whether we send a:

  • AKA-Identity-Request - i.e. requesting a different ID.
  • Challenge-Request - Containing the necessary vectors for full authentication.
  • Fast-Reauth-Request - Containing the vectors for fast re-authentication.
CONF_SECTION * recv_failure_notification_ack Called when the supplicant ACKs our failure notification.
CONF_SECTION * recv_fast_reauth_response Called when we receive a response to a previous Fast-Reauth-Request.
CONF_SECTION * recv_identity_response Called when we receive a new identity.
CONF_SECTION * recv_success_notification_ack Called when the supplicant ACKs our success notification.
CONF_SECTION * recv_synchronization_failure Called if the supplicant determines the AUTN value is invalid.

Usually used for resyncing with the HLR.

CONF_SECTION * send_challenge_request Called when we're about to send a a challenge.
CONF_SECTION * send_eap_failure Called when we send an EAP-Failure message.
CONF_SECTION * send_eap_success Called when we send an EAP-Success message.
CONF_SECTION * send_failure_notification Called when we're about to send a EAP-AKA failure notification.
CONF_SECTION * send_fast_reauth_request Called when we're about to send a Fast-Reauth-Request.
CONF_SECTION * send_identity_request Called when we're about to request a different identity.
CONF_SECTION * send_success_notification Called when we're about to send a EAP-AKA success notification.
CONF_SECTION * store_session Store authentication vectors.

◆ eap_aka_session_t

struct eap_aka_session_t

Definition at line 101 of file eap_aka.h.

Data Fields
int aka_id Packet ID. (replay protection).
bool allow_encrypted Whether we can send encrypted attributes.
bool challenge_success Whether we received the correct challenge response.
fr_sim_id_req_type_t id_req The type of identity we're requesting or previously requested.
uint16_t kdf The key derivation function used to derive session keys.
fr_sim_keys_t keys Various EAP-AKA keys.
EVP_MD const * mac_md HMAC-MD we use to generate the MAC.

EVP_sha1() for EAP-AKA, EVP_sha256() for EAP-AKA'.

uint32_t request_identity Always send an identity request before a challenge.
bool send_at_bidding Indicate that we prefer EAP-AKA' and include an AT_BIDDING attribute.
bool send_result_ind Say that we would like to use protected result indications (AKA-Notification-Success).
eap_aka_server_state_t state Current session state.
eap_type_t type Either FR_TYPE_AKA, or FR_TYPE_AKA_PRIME.

◆ rlm_eap_aka_t

struct rlm_eap_aka_t

Definition at line 133 of file eap_aka.h.

+ Collaboration diagram for rlm_eap_aka_t:
Data Fields
eap_aka_actions_t actions Pre-compiled virtual server sections.
char const * network_name Network ID as described by RFC 5448.
bool protected_success
request_identity request_identity Whether we always request the identity of the subscriber.
char const * virtual_server Virtual server for HLR integration.

Enumeration Type Documentation

◆ eap_aka_server_state_t

enum eap_aka_server_state_t

Server states.

In server_start, we send a EAP-AKA Start message.

Enumerator
EAP_AKA_SERVER_IDENTITY 

Attempting to discover permanent identity of the supplicant.

EAP_AKA_SERVER_CHALLENGE 

We've challenged the supplicant.

EAP_AKA_SERVER_SUCCESS_NOTIFICATION 

Send success notification.

EAP_AKA_SERVER_SUCCESS 

Authentication completed successfully.

EAP_AKA_SERVER_FAILURE_NOTIFICATION 

Send failure notification.

EAP_AKA_SERVER_FAILURE 

Send an EAP-Failure.

EAP_AKA_SERVER_MAX_STATES 

Definition at line 35 of file eap_aka.h.

Generated by   doxygen 1.9.1