base.h File Reference

Functions common to SIM protocols (EAP-SIM/EAP-AKA/EAP-AKA') More...

#include <assert.h>
#include <freeradius-devel/tls/openssl_user_macros.h>
#include <openssl/evp.h>
#include <freeradius-devel/eap/compose.h>
#include <freeradius-devel/eap/types.h>
#include "id.h"

Include dependency graph for base.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	fr_aka_sim_checkcode_t
	Stores our checkcode state. More...
struct	fr_aka_sim_ctx_t
	Encoder/decoder ctx. More...
struct	fr_aka_sim_keys_t
	Master key state struct for all SIMlike EAP protocols. More...
struct	fr_aka_sim_keys_t.__unnamed15__
union	fr_aka_sim_keys_t.__unnamed15__.__unnamed17__
struct	fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.gsm
	Input to kdf_0_gsm. More...
struct	fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.reauth
	Input/output from kdf_*_reauth_*. More...
struct	fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.umts
	Input to kdf_*_umts. More...
struct	fr_aka_sim_keys_t.__unnamed15__.auc
struct	fr_aka_sim_vector_gsm_t
union	fr_aka_sim_vector_gsm_t.__unnamed11__
union	fr_aka_sim_vector_gsm_t.__unnamed13__
struct	fr_aka_sim_vector_umts_t

Macros
#define	AKA_PRIME_MK_REAUTH_SIZE   80U
	The portion of the MK used for re-auth. More...
#define	AKA_PRIME_MK_SIZE   208U
#define	AKA_SIM_AUTH_SIZE   16U
#define	AKA_SIM_IV_SIZE   16U
	Length of the IV used when processing AT_ENCR. More...
#define	AKA_SIM_K_RE_SIZE   32U
	Reauthentication key size. More...
#define	AKA_SIM_KI_SIZE   16U
	Length of secret data shared between SIM and AuC. More...
#define	AKA_SIM_MAC_DIGEST_SIZE   16U
	Length of MAC used to prevent packet modification. More...
#define	AKA_SIM_MAC_SIZE   20U
	Length of MAC used to prevent packet modification. More...
#define	AKA_SIM_MAX_STRING_LENGTH   1016U
	Maximum size of a SIM/AKA['] string ((4 * 255) - 4). More...
#define	AKA_SIM_MK_MAX_SIZE   208U
	Master key size, 20 for EAP-SIM/EAP-AKA. More...
#define	AKA_SIM_MK_SIZE   20U
#define	AKA_SIM_NONCE_S_SIZE   16U
	Length of re-authentication nonce. More...
#define	AKA_SIM_OP_SIZE   16U
	Length of Operator Algorithm Configuration. More...
#define	AKA_SIM_OPC_SIZE   16U
	Length of modified Operator Algorithm Configuration. More...
#define	AKA_SIM_SKIPPABLE_MAX   127U
	The last non-skippable attribute. More...
#define	AKA_SIM_SQN_AK_SIZE   6U
#define	AKA_SIM_VECTOR_GSM_KC_SIZE   8U
	Length of Kc in GSM triplet. More...
#define	AKA_SIM_VECTOR_GSM_RAND_SIZE   16U
	Length of RAND in GSM triplet. More...
#define	AKA_SIM_VECTOR_GSM_SRES_SIZE   4U
	Length of SRES in GSM triplet. More...
#define	AKA_SIM_VECTOR_UMTS_AK_SIZE   6U
#define	AKA_SIM_VECTOR_UMTS_AUTN_SIZE   16U
#define	AKA_SIM_VECTOR_UMTS_CK_SIZE   16U
#define	AKA_SIM_VECTOR_UMTS_IK_SIZE   16U
#define	AKA_SIM_VECTOR_UMTS_RAND_SIZE   16U
#define	AKA_SIM_VECTOR_UMTS_XRES_MAX_SIZE   16U
#define	EAP_AKA_AUTH_SIZE   16U
#define	EAP_AKA_AUTS_SIZE   14U
	Server sequence number. More...
#define	EAP_AKA_PRIME_AUTH_SIZE   32U
#define	EAP_AKA_SIM_AUTH_SIZE   16U
#define	EAP_SIM_NONCE_MT_SIZE   16U
	Length of challenge from SIM client. More...
#define	EAP_SIM_VERSION   1U

Enumerations
enum	fr_aka_sim_vector_src_t {   AKA_SIM_VECTOR_SRC_AUTO ,   AKA_SIM_VECTOR_SRC_TRIPLETS ,   AKA_SIM_VECTOR_SRC_QUINTUPLETS ,   AKA_SIM_VECTOR_SRC_KI ,   AKA_SIM_VECTOR_SRC_REAUTH }
	Where to get EAP-SIM vectors from. More...
enum	fr_aka_sim_vector_type_t {   AKA_SIM_VECTOR_NONE = 0 ,   AKA_SIM_VECTOR_GSM ,   AKA_SIM_VECTOR_UMTS ,   AKA_SIM_VECTOR_UMTS_REAUTH_KDF_0_REAUTH ,   AKA_SIM_VECTOR_UMTS_REAUTH_KDF_1_REAUTH }
	The type of auth vector held by a fr_aka_sim_keys_t. More...

Functions
size_t	fr_aka_sim_attr_len (fr_pair_t const *vp)
	Return the on-the-wire length of an attribute value. More...
ssize_t	fr_aka_sim_crypto_finalise_checkcode (TALLOC_CTX *ctx, uint8_t **out, fr_aka_sim_checkcode_t *checkcode)
	Write out the final checkcode value. More...
int	fr_aka_sim_crypto_gsm_kdf_0 (fr_aka_sim_keys_t *keys)
	Key Derivation Function as described in RFC4186 (EAP-SIM) section 7. More...
int	fr_aka_sim_crypto_init_checkcode (TALLOC_CTX *ctx, fr_aka_sim_checkcode_t **checkcode, EVP_MD const *md)
	Initialise checkcode message digest. More...
int	fr_aka_sim_crypto_kdf_0_reauth (fr_aka_sim_keys_t *keys)
	Key Derivation Function (Fast-Reauthentication) as described in RFC4186/7 (EAP-SIM/AKA) section 7. More...
void	fr_aka_sim_crypto_keys_init_kdf_0_reauth (fr_aka_sim_keys_t *keys, uint8_t const mk[static AKA_SIM_MK_SIZE], uint16_t counter)
	Initialise fr_aka_sim_keys_t with EAP-SIM reauthentication data. More...
void	fr_aka_sim_crypto_keys_init_umts_kdf_1_reauth (fr_aka_sim_keys_t *keys, uint8_t const mk[static AKA_PRIME_MK_REAUTH_SIZE], uint16_t counter)
	Initialise fr_aka_sim_keys_t with EAP-AKA['] reauthentication data. More...
void	fr_aka_sim_crypto_keys_log (request_t *request, fr_aka_sim_keys_t *keys)
	Dump the current state of all keys associated with the EAP SIM session. More...
ssize_t	fr_aka_sim_crypto_sign_packet (uint8_t out[static AKA_SIM_MAC_DIGEST_SIZE], eap_packet_t *eap_packet, bool zero_mac, EVP_MD const *md, uint8_t const *key, size_t const key_len, uint8_t const *hmac_extra, size_t const hmac_extra_len)
	Calculate the digest value for a packet. More...
int	fr_aka_sim_crypto_umts_kdf_0 (fr_aka_sim_keys_t *keys)
	Key Derivation Function as described in RFC4187 (EAP-AKA) section 7. More...
int	fr_aka_sim_crypto_umts_kdf_1 (fr_aka_sim_keys_t *keys)
	Key Derivation Function as described in RFC 5448 (EAP-AKA') section 3.3. More...
int	fr_aka_sim_crypto_umts_kdf_1_reauth (fr_aka_sim_keys_t *keys)
	Key Derivation Function (Fast-Reauthentication) as described in RFC 5448 (EAP-AKA') section 3.3. More...
int	fr_aka_sim_crypto_update_checkcode (fr_aka_sim_checkcode_t *checkcode, eap_packet_t *eap_packet)
	Digest a packet, updating the checkcode. More...
int	fr_aka_sim_decode (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_t const *dict, uint8_t const *data, size_t data_len, fr_aka_sim_ctx_t *decode_ctx)
	Decode SIM/AKA/AKA' specific packet data. More...
ssize_t	fr_aka_sim_decode_pair (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx)
	Decode SIM/AKA/AKA' attributes. More...
ssize_t	fr_aka_sim_encode (request_t *request, fr_pair_list_t *to_encode, void *encode_ctx)
ssize_t	fr_aka_sim_encode_pair (fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx)
void	fr_aka_sim_fips186_2prf (uint8_t out[static 160], uint8_t mk[static 20])
	Implement the FIPS-186-2 PRF to derive keying material from the MK. More...
void	fr_aka_sim_free (void)
int	fr_aka_sim_init (void)
size_t	fr_aka_sim_octets_prefix_len (fr_dict_attr_t const *da)
	Return the number of bytes before the octets value. More...
int	fr_aka_sim_umts_resync_from_attrs (uint64_t *new_sqn, request_t *request, fr_pair_t *auts_vp, fr_aka_sim_keys_t *keys)
	Perform milenage AUTS validation and resynchronisation. More...
int	fr_aka_sim_vector_gsm_from_attrs (request_t *request, fr_pair_list_t *vps, int idx, fr_aka_sim_keys_t *keys, fr_aka_sim_vector_src_t *src)
	Retrieve GSM triplets from sets of attributes. More...
int	fr_aka_sim_vector_gsm_umts_kdf_0_reauth_from_attrs (request_t *request, fr_pair_list_t *vps, fr_aka_sim_keys_t *keys)
	Populate a fr_aka_sim_keys_t structure from attributes in the session-state list. More...
int	fr_aka_sim_vector_umts_from_attrs (request_t *request, fr_pair_list_t *vps, fr_aka_sim_keys_t *keys, fr_aka_sim_vector_src_t *src)
	Retrieve UMTS quintuplets from sets of attributes. More...
int	fr_aka_sim_vector_umts_kdf_1_reauth_from_attrs (request_t *request, fr_pair_list_t *vps, fr_aka_sim_keys_t *keys)
	Populate a fr_aka_sim_keys_t structure from attributes in the session-state list. More...
void	fr_aka_sim_vector_umts_reauth_clear (fr_aka_sim_keys_t *keys)
	Clear reauth data if reauthentication failed. More...
int	fr_aka_sim_xlat_func_register (void)
void	fr_aka_sim_xlat_func_unregister (void)

Variables
size_t const	fr_aka_sim_attr_sizes [FR_TYPE_MAX+1][2]
	SIM AT on-the-wire format attribute sizes. More...

Detailed Description

Functions common to SIM protocols (EAP-SIM/EAP-AKA/EAP-AKA')

Id

55c9e3c4af2bc24845620a17253c7aa658ddd2c6

The development of the EAP/SIM support was funded by Internet Foundation Austria (http://www.nic.at/ipa).

Copyright

2003 Michael Richardson mcr@s.nosp@m.ande.nosp@m.lman..nosp@m.otta.nosp@m.wa.on.nosp@m..ca

2003-2016 The FreeRADIUS server project

Definition in file base.h.

---

Data Structure Documentation

fr_aka_sim_checkcode_t

struct fr_aka_sim_checkcode_t

Stores our checkcode state.

The checkcode is a hash of all identity packets exchanged up until the challenge is sent.

It allows both parties to verify that they've seen the same sequence of packets.

Definition at line 140 of file base.h.

Data Fields
EVP_MD_CTX *	md_ctx	Context to hold state of digest as we consume packets.

fr_aka_sim_ctx_t

struct fr_aka_sim_ctx_t

Encoder/decoder ctx.

Definition at line 234 of file base.h.

Collaboration diagram for fr_aka_sim_ctx_t:

Data Fields
EVP_MD const *	checkcode_md	HMAC we use for calculating the checkcode.
eap_packet_t *	eap_packet	Needed for validating AT_MAC.
bool	have_iv	Whether we found the IV already.
uint8_t const *	hmac_extra	Extra data for the HMAC function.
size_t	hmac_extra_len
EVP_MD const *	hmac_md	HMAC digest algorithm, usually EVP_sha1().
uint8_t	iv[AKA_SIM_IV_SIZE]	From the current packet.
uint8_t const *	k_aut	The authentication key used for signing.
size_t	k_aut_len
uint8_t const *	k_encr	The encryption key used for encrypting. always 16 bytes.

fr_aka_sim_keys_t

struct fr_aka_sim_keys_t

Master key state struct for all SIMlike EAP protocols.

Definition at line 148 of file base.h.

Data Fields
struct fr_aka_sim_keys_t	__unnamed__
uint8_t	ck_prime[AKA_SIM_VECTOR_UMTS_CK_SIZE]	Derived from CK, for AKA'.
uint8_t	emsk[64]	Derived extended master session key.
uint8_t *	identity	Identity from AT_IDENTITY.
size_t	identity_len	Length of the identity.
uint8_t	ik_prime[AKA_SIM_VECTOR_UMTS_IK_SIZE]	Derived from IK, for AKA'.
uint8_t	k_aut[32]	Derived authentication key.
size_t	k_aut_len	Length of k_aut. 16 for AKA/SIM, 32 for AKA'.
uint8_t	k_encr[16]	Derived encryption key.
uint8_t	k_re[AKA_SIM_K_RE_SIZE]	Derived reauthentication key for AKA'(kdf 1).
uint8_t	mk[AKA_SIM_MK_MAX_SIZE]	Master key from session attributes.
size_t	mk_len
uint8_t	msk[64]	Derived master session key.
uint8_t *	network	Network name (EAP-AKA-Prime only).
size_t	network_len	Length of the network name (EAP-AKA-Prime only).
uint64_t	sqn	Sequence number.

fr_aka_sim_keys_t.__unnamed15__

struct fr_aka_sim_keys_t.__unnamed15__

Definition at line 160 of file base.h.

Data Fields
__unnamed15__	__unnamed__
__unnamed15__	auc
fr_aka_sim_vector_src_t	vector_src	Where the vector came from.
fr_aka_sim_vector_type_t	vector_type	What type of authentication vector we're using to authenticate the SIM.

fr_aka_sim_keys_t.__unnamed15__.__unnamed17__

union fr_aka_sim_keys_t.__unnamed15__.__unnamed17__

Definition at line 164 of file base.h.

Data Fields
__unnamed17__	gsm	Input to kdf_0_gsm.
__unnamed17__	reauth	Input/output from kdf_*_reauth_*.
__unnamed17__	umts	Input to kdf_*_umts.

fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.gsm

struct fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.gsm

Input to kdf_0_gsm.

Definition at line 167 of file base.h.

Data Fields
uint8_t	nonce_mt[EAP_SIM_NONCE_MT_SIZE]	Nonce provided by the client.
uint32_t	num_vectors	Number of input vectors we're using (2 or 3).
fr_aka_sim_vector_gsm_t	vector[3]	GSM vectors.
uint8_t	version_list[FR_MAX_STRING_LEN]	Version list from negotiation.
uint8_t	version_list_len	Length of version list.
uint8_t	version_select[2]	Version we agreed.

fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.reauth

struct fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.reauth

Input/output from kdf_*_reauth_*.

Definition at line 187 of file base.h.

Data Fields
uint16_t	counter	Re-authentication counter.
uint8_t	nonce_s[AKA_SIM_NONCE_S_SIZE]	Re-authentication challenge.
uint8_t	xkey_prime[20]	Derived reauthentication key for AKA (kdf 0).

fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.umts

struct fr_aka_sim_keys_t.__unnamed15__.__unnamed17__.umts

Input to kdf_*_umts.

Definition at line 180 of file base.h.

Data Fields
uint16_t	kdf_selected
fr_aka_sim_vector_umts_t	vector	UMTS vector.

fr_aka_sim_keys_t.__unnamed15__.auc

struct fr_aka_sim_keys_t.__unnamed15__.auc

Definition at line 198 of file base.h.

Data Fields
uint8_t	ki[AKA_SIM_KI_SIZE]	Secret shared between AuC and SIM.
uint8_t	opc[AKA_SIM_OPC_SIZE]	Operator algorithm input.

fr_aka_sim_vector_gsm_t

struct fr_aka_sim_vector_gsm_t

Definition at line 109 of file base.h.

Data Fields
union fr_aka_sim_vector_gsm_t	__unnamed__
union fr_aka_sim_vector_gsm_t	__unnamed__
uint8_t	rand[AKA_SIM_VECTOR_GSM_RAND_SIZE]	RAND challenge to the SIM.

fr_aka_sim_vector_gsm_t.__unnamed11__

union fr_aka_sim_vector_gsm_t.__unnamed11__

Definition at line 111 of file base.h.

Data Fields
uint8_t	sres[AKA_SIM_VECTOR_GSM_SRES_SIZE]	Signing response.
uint32_t	sres_uint32

fr_aka_sim_vector_gsm_t.__unnamed13__

union fr_aka_sim_vector_gsm_t.__unnamed13__

Definition at line 116 of file base.h.

Data Fields
uint8_t	kc[AKA_SIM_VECTOR_GSM_KC_SIZE]	Keying response.
uint64_t	kc_uint64

fr_aka_sim_vector_umts_t

struct fr_aka_sim_vector_umts_t

Definition at line 122 of file base.h.

Data Fields
uint8_t	ak[AKA_SIM_VECTOR_UMTS_AK_SIZE]	Anonymity key.
uint8_t	autn[AKA_SIM_VECTOR_UMTS_AUTN_SIZE]	Authentication vector from the AuC.
uint8_t	ck[AKA_SIM_VECTOR_UMTS_CK_SIZE]	Ciphering key.
uint8_t	ik[AKA_SIM_VECTOR_UMTS_IK_SIZE]	Integrity key.
uint8_t	rand[AKA_SIM_VECTOR_UMTS_RAND_SIZE]	RAND challenge to the SIM.
uint8_t	xres[AKA_SIM_VECTOR_UMTS_XRES_MAX_SIZE]	Signing response.
size_t	xres_len	Length of res (it's variable).

Macro Definition Documentation

AKA_PRIME_MK_REAUTH_SIZE

#define AKA_PRIME_MK_REAUTH_SIZE   80U

The portion of the MK used for re-auth.

The MSK and EMSK are omitted as they're recalculated each round.

Definition at line 59 of file base.h.

AKA_PRIME_MK_SIZE

#define AKA_PRIME_MK_SIZE   208U

Definition at line 55 of file base.h.

AKA_SIM_AUTH_SIZE

#define AKA_SIM_AUTH_SIZE   16U

Definition at line 44 of file base.h.

AKA_SIM_IV_SIZE

#define AKA_SIM_IV_SIZE   16U

Length of the IV used when processing AT_ENCR.

Definition at line 41 of file base.h.

AKA_SIM_K_RE_SIZE

#define AKA_SIM_K_RE_SIZE   32U

Reauthentication key size.

Definition at line 61 of file base.h.

AKA_SIM_KI_SIZE

#define AKA_SIM_KI_SIZE   16U

Length of secret data shared between SIM and AuC.

Definition at line 48 of file base.h.

AKA_SIM_MAC_DIGEST_SIZE

#define AKA_SIM_MAC_DIGEST_SIZE   16U

Length of MAC used to prevent packet modification.

Definition at line 42 of file base.h.

AKA_SIM_MAC_SIZE

#define AKA_SIM_MAC_SIZE   20U

Length of MAC used to prevent packet modification.

Definition at line 43 of file base.h.

AKA_SIM_MAX_STRING_LENGTH

#define AKA_SIM_MAX_STRING_LENGTH   1016U

Maximum size of a SIM/AKA['] string ((4 * 255) - 4).

Definition at line 40 of file base.h.

AKA_SIM_MK_MAX_SIZE

#define AKA_SIM_MK_MAX_SIZE   208U

Master key size, 20 for EAP-SIM/EAP-AKA.

208 for EAP-AKA'.

Definition at line 53 of file base.h.

AKA_SIM_MK_SIZE

#define AKA_SIM_MK_SIZE   20U

Definition at line 54 of file base.h.

AKA_SIM_NONCE_S_SIZE

#define AKA_SIM_NONCE_S_SIZE   16U

Length of re-authentication nonce.

Definition at line 46 of file base.h.

AKA_SIM_OP_SIZE

#define AKA_SIM_OP_SIZE   16U

Length of Operator Algorithm Configuration.

Definition at line 49 of file base.h.

AKA_SIM_OPC_SIZE

#define AKA_SIM_OPC_SIZE   16U

Length of modified Operator Algorithm Configuration.

Definition at line 50 of file base.h.

AKA_SIM_SKIPPABLE_MAX

#define AKA_SIM_SKIPPABLE_MAX   127U

The last non-skippable attribute.

Definition at line 63 of file base.h.

AKA_SIM_SQN_AK_SIZE

#define AKA_SIM_SQN_AK_SIZE   6U

Definition at line 45 of file base.h.

AKA_SIM_VECTOR_GSM_KC_SIZE

#define AKA_SIM_VECTOR_GSM_KC_SIZE   8U

Length of Kc in GSM triplet.

Definition at line 67 of file base.h.

AKA_SIM_VECTOR_GSM_RAND_SIZE

#define AKA_SIM_VECTOR_GSM_RAND_SIZE   16U

Length of RAND in GSM triplet.

Definition at line 65 of file base.h.

AKA_SIM_VECTOR_GSM_SRES_SIZE

#define AKA_SIM_VECTOR_GSM_SRES_SIZE   4U

Length of SRES in GSM triplet.

Definition at line 66 of file base.h.

AKA_SIM_VECTOR_UMTS_AK_SIZE

#define AKA_SIM_VECTOR_UMTS_AK_SIZE   6U

Definition at line 72 of file base.h.

AKA_SIM_VECTOR_UMTS_AUTN_SIZE

#define AKA_SIM_VECTOR_UMTS_AUTN_SIZE   16U

Definition at line 69 of file base.h.

AKA_SIM_VECTOR_UMTS_CK_SIZE

#define AKA_SIM_VECTOR_UMTS_CK_SIZE   16U

Definition at line 70 of file base.h.

AKA_SIM_VECTOR_UMTS_IK_SIZE

#define AKA_SIM_VECTOR_UMTS_IK_SIZE   16U

Definition at line 71 of file base.h.

AKA_SIM_VECTOR_UMTS_RAND_SIZE

#define AKA_SIM_VECTOR_UMTS_RAND_SIZE   16U

Definition at line 73 of file base.h.

AKA_SIM_VECTOR_UMTS_XRES_MAX_SIZE

#define AKA_SIM_VECTOR_UMTS_XRES_MAX_SIZE   16U

Definition at line 74 of file base.h.

EAP_AKA_AUTH_SIZE

#define EAP_AKA_AUTH_SIZE   16U

Definition at line 84 of file base.h.

EAP_AKA_AUTS_SIZE

#define EAP_AKA_AUTS_SIZE   14U

Server sequence number.

SIM checks this is within the correct range.

Definition at line 83 of file base.h.

EAP_AKA_PRIME_AUTH_SIZE

#define EAP_AKA_PRIME_AUTH_SIZE   32U

Definition at line 85 of file base.h.

EAP_AKA_SIM_AUTH_SIZE

#define EAP_AKA_SIM_AUTH_SIZE   16U

Definition at line 79 of file base.h.

EAP_SIM_NONCE_MT_SIZE

#define EAP_SIM_NONCE_MT_SIZE   16U

Length of challenge from SIM client.

Definition at line 77 of file base.h.

EAP_SIM_VERSION

#define EAP_SIM_VERSION   1U

Definition at line 76 of file base.h.

Enumeration Type Documentation

fr_aka_sim_vector_src_t

enum fr_aka_sim_vector_src_t

Where to get EAP-SIM vectors from.

Enumerator
AKA_SIM_VECTOR_SRC_AUTO	Discover where to get Triplets from automatically.
AKA_SIM_VECTOR_SRC_TRIPLETS	Source of triplets is EAP-SIM-* attributes.
AKA_SIM_VECTOR_SRC_QUINTUPLETS	Source of triplets is derived from EAP-AKA-* quintuplets.
AKA_SIM_VECTOR_SRC_KI	Should generate triplets locally using a Ki.
AKA_SIM_VECTOR_SRC_REAUTH	Not a vector. Result of running KDF 0 reauth function.

Definition at line 99 of file base.h.

fr_aka_sim_vector_type_t

enum fr_aka_sim_vector_type_t

The type of auth vector held by a fr_aka_sim_keys_t.

Enumerator
AKA_SIM_VECTOR_NONE
AKA_SIM_VECTOR_GSM	Vector is GSM triplets.
AKA_SIM_VECTOR_UMTS	Vector is UMTS quintuplets.
AKA_SIM_VECTOR_UMTS_REAUTH_KDF_0_REAUTH
AKA_SIM_VECTOR_UMTS_REAUTH_KDF_1_REAUTH

Definition at line 89 of file base.h.

Function Documentation

fr_aka_sim_attr_len()

size_t fr_aka_sim_attr_len

(

fr_pair_t const *

vp

)

Return the on-the-wire length of an attribute value.

Parameters

[in]

vp

to return the length of.

Returns

the length of the attribute.

Definition at line 227 of file base.c.

fr_aka_sim_crypto_finalise_checkcode()

ssize_t fr_aka_sim_crypto_finalise_checkcode	(	TALLOC_CTX *	ctx,
		uint8_t **	out,
		fr_aka_sim_checkcode_t *	checkcode
	)

Write out the final checkcode value.

Parameters

[in]	ctx	ctx to allocate buffer containing the checkcode.
[out]	out	talloced buffer containing the checkcode. bytes if MD was SHA1, or 32 bytes if MD was SHA256.
[in,out]	checkcode	structure to get final digest from and to tree.

Returns

• <= 0 on failure.
• > 0 the number of bytes written to out.

Definition at line 196 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_gsm_kdf_0()

int fr_aka_sim_crypto_gsm_kdf_0

(

fr_aka_sim_keys_t *

keys

)

Key Derivation Function as described in RFC4186 (EAP-SIM) section 7.

       MK     = SHA1(Identity|n*Kc| NONCE_MT| Version List| Selected Version)
       FK     = PRF(MK)
       K_encr = FK[0..127]
       K_aut  = FK[128..255]
       MSK    = FK[256..767]
       EMSK   = FK[768..1279]

Note

expects keys to contain a AKA_SIM_VECTOR_GSM.

Parameters

[in,out]

keys

Contains the authentication vectors and the buffers to store the result of the derivation.

Returns

• 0 on success.
• -1 on failure.

Definition at line 462 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_init_checkcode()

int fr_aka_sim_crypto_init_checkcode	(	TALLOC_CTX *	ctx,
		fr_aka_sim_checkcode_t **	checkcode,
		EVP_MD const *	md
	)

Initialise checkcode message digest.

Parameters

[in]	ctx	to allocate checkcode structure in.
[out]	checkcode	a new checkcode structure.
[in]	md	to use when calculating the checkcode, either EVP_sha1(), or EVP_sha256().

Returns

• 0 on success.
• -1 on failure.

Definition at line 114 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_kdf_0_reauth()

int fr_aka_sim_crypto_kdf_0_reauth

(

fr_aka_sim_keys_t *

keys

)

Key Derivation Function (Fast-Reauthentication) as described in RFC4186/7 (EAP-SIM/AKA) section 7.

       XKEY' = SHA1(Identity|counter|NONCE_S|MK)
       FK    = PRF(XKEY')
       MSK   = FK[0..511]
       EMSK  = FK[512..1023]

Derives new MSK, EMSK, k_aut, k_encr

Use fr_aka_sim_crypto_keys_init_kdf_0_reauth to populate the fr_aka_sim_keys_t structure.

Note

expects keys to contain a populated mk, none_s and counter values.

Parameters

[in,out]

keys

Contains the authentication vectors and the buffers to store the result of the derivation.

Returns

• 0 on success.
• -1 on failure.

Definition at line 990 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_keys_init_kdf_0_reauth()

void fr_aka_sim_crypto_keys_init_kdf_0_reauth	(	fr_aka_sim_keys_t *	keys,
		uint8_t const	mk[static AKA_SIM_MK_SIZE],
		uint16_t	counter
	)

Initialise fr_aka_sim_keys_t with EAP-SIM reauthentication data.

Generates a new nonce_s and copies the mk and counter values into the fr_aka_sim_keys_t.

Parameters

[out]	keys	structure to populate.
[in]	mk	from original authentication.
[in]	counter	re-authentication counter.

Definition at line 917 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_keys_init_umts_kdf_1_reauth()

void fr_aka_sim_crypto_keys_init_umts_kdf_1_reauth	(	fr_aka_sim_keys_t *	keys,
		uint8_t const	mk[static AKA_PRIME_MK_REAUTH_SIZE],
		uint16_t	counter
	)

Initialise fr_aka_sim_keys_t with EAP-AKA['] reauthentication data.

Generates a new nonce_s and copies the mk and counter values into the fr_aka_sim_keys_t.

Parameters

[out]	keys	structure to populate.
[in]	mk	from original authentication.
[in]	counter	re-authentication counter.

Definition at line 947 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_keys_log()

void fr_aka_sim_crypto_keys_log	(	request_t *	request,
		fr_aka_sim_keys_t *	keys
	)

Dump the current state of all keys associated with the EAP SIM session.

Parameters

[in]	request	The current request.
[in]	keys	SIM keys associated with the session.

Definition at line 1226 of file crypto.c.

Here is the caller graph for this function:

fr_aka_sim_crypto_sign_packet()

ssize_t fr_aka_sim_crypto_sign_packet	(	uint8_t	out[static AKA_SIM_MAC_DIGEST_SIZE],
		eap_packet_t *	eap_packet,
		bool	zero_mac,
		EVP_MD const *	md,
		uint8_t const *	key,
		size_t const	key_len,
		uint8_t const *	hmac_extra,
		size_t const	hmac_extra_len
	)

Calculate the digest value for a packet.

Run a digest over a fake EAP header, the entire SIM packet and any extra HMAC data, writing a truncated (16 byte) digest value to out.

Note

The 16 byte digest field in the packet must have either been zeroed out before this function is called (as it is when encoding data), or zero_mac must be set to true.

This function uses the EVP_* signing functions. Do not be tempted to swap them for the HMAC functions, as the EVP interface may be hardware accelerated but the HMAC interface is purely a software implementation.

Parameters

[out]	out	Where to write the digest.
[in]	eap_packet	to extract header values from.
[in]	zero_mac	Assume the mac field is not zeroed (i.e. received packet) and skip it during mac calculation feeding in 16 zeroed bytes in its place.
[in]	md	to use to create the HMAC.
[in]	key	to use to sign the packet.
[in]	key_len	Length of the key.
[in]	hmac_extra	data to concatenate with the packet when calculating the HMAC (may be NULL).
[in]	hmac_extra_len	Length of hmac_extra (may be zero).

Returns

• < 0 on failure.
• 0 if there's no MAC attribute to verify.
• > 0 the number of bytes written to out.

Definition at line 284 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_umts_kdf_0()

int fr_aka_sim_crypto_umts_kdf_0

(

fr_aka_sim_keys_t *

keys

)

Key Derivation Function as described in RFC4187 (EAP-AKA) section 7.

Note

expects keys to contain a AKA_SIM_VECTOR_UMTS.

       MK     = SHA1(Identity|IK|CK)
       FK     = PRF(MK)
       K_encr = FK[0..127]
       K_aut  = FK[128..255]
       MSK    = FK[256..767]
       EMSK   = FK[768..1279]

Parameters

[in,out]

keys

Contains the authentication vectors and the buffers to store the result of the derivation.

Returns

• 0 on success.
• -1 on failure.

Definition at line 564 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_umts_kdf_1()

int fr_aka_sim_crypto_umts_kdf_1

(

fr_aka_sim_keys_t *

keys

)

Key Derivation Function as described in RFC 5448 (EAP-AKA') section 3.3.

       MK     = PRF'(IK'|CK',"EAP-AKA'"|Identity)
       K_encr = MK[0..127]
       K_aut  = MK[128..383]
       K_re   = MK[384..639]
       MSK    = MK[640..1151]
       EMSK   = MK[1152..1663]

Note

expects keys to contain a AKA_SIM_VECTOR_UMTS.

Parameters

[in,out]

keys

Contains the authentication vectors and the buffers to store the result of the derivation.

Returns

• 0 on success.
• -1 on failure.

Definition at line 846 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_umts_kdf_1_reauth()

int fr_aka_sim_crypto_umts_kdf_1_reauth

(

fr_aka_sim_keys_t *

keys

)

Key Derivation Function (Fast-Reauthentication) as described in RFC 5448 (EAP-AKA') section 3.3.

       MK   = PRF'(K_re,"EAP-AKA' re-auth"|Identity|counter|NONCE_S)
       MSK  = MK[0..511]
       EMSK = MK[512..1023]

Parameters

[in,out]

keys

Contains the authentication vectors and the buffers to store the result of the derivation.

Returns

• 0 on success.
• -1 on failure.

Definition at line 1139 of file crypto.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_crypto_update_checkcode()

int fr_aka_sim_crypto_update_checkcode	(	fr_aka_sim_checkcode_t *	checkcode,
		eap_packet_t *	eap_packet
	)

Digest a packet, updating the checkcode.

Call fr_aka_sim_crypto_finalise_checkcode to obtain the final checkcode value.

Parameters

[in,out]	checkcode	if *checkcode is NULL, a new checkcode structure will be allocated and the message digest context will be initialised before the provided eap_packet is fed into the digest.
[in]	eap_packet	to digest.

Returns

• 0 on success.
• -1 on failure.

Definition at line 152 of file crypto.c.

Here is the caller graph for this function:

fr_aka_sim_decode()

int fr_aka_sim_decode	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		fr_dict_t const *	dict,
		uint8_t const *	data,
		size_t	data_len,
		fr_aka_sim_ctx_t *	decode_ctx
	)

Decode SIM/AKA/AKA' specific packet data.

Note

data should point to the subtype field in the EAP packet.

Extracts the SUBTYPE and adds it an attribute, then decodes any TLVs in the SIM/AKA/AKA' packet.

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code | Identifier | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Subtype | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The first byte of the data pointer should be the subtype.

Parameters

[in]	ctx	where to allocate the pairs.
[in]	out	where to write out attributes.
[in]	dict	for looking up attributes.
[in]	data	to convert to pairs.
[in]	data_len	length of data to convert.
[in]	decode_ctx	holds the state of the decoder.

Returns

• 0 on success.
• -1 on failure.

Definition at line 942 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_decode_pair()

ssize_t fr_aka_sim_decode_pair	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		fr_dict_attr_t const *	parent,
		uint8_t const *	data,
		size_t	data_len,
		void *	decode_ctx
	)

Decode SIM/AKA/AKA' attributes.

Parameters

[in]	ctx	to allocate attributes in.
[in]	out	where to insert the attributes.
[in]	parent	for looking up attributes.
[in]	data	data to parse.
[in]	data_len	length of data. For top level attributes packet_ctx must be the length of the packet (so we can hunt for AT_IV), for Sub-TLVs it should be the length of the container value.
[in]	decode_ctx	extra context to pass to the decoder.

Returns

• The number of bytes parsed.
• -1 on error.

Definition at line 909 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_encode()

ssize_t fr_aka_sim_encode	(	request_t *	request,
		fr_pair_list_t *	to_encode,
		void *	encode_ctx
	)

Definition at line 858 of file encode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_encode_pair()

ssize_t fr_aka_sim_encode_pair	(	fr_dbuff_t *	dbuff,
		fr_dcursor_t *	cursor,
		void *	encode_ctx
	)

Definition at line 799 of file encode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_fips186_2prf()

void fr_aka_sim_fips186_2prf	(	uint8_t	out[static 160],
		uint8_t	mk[static 20]
	)

Implement the FIPS-186-2 PRF to derive keying material from the MK.

run the FIPS-186-2 PRF on the given Master Key (160 bits) in order to derive 1280 bits (160 bytes) of keying data from it.

Given that in EAP-SIM, this is coming from a 64-bit Kc it seems like an awful lot of "randomness" to pull out..

Parameters

[out]	out	Buffer to contain the data derived from the mk.
[in]	mk	The master key we use to derive all other keying data.

Definition at line 91 of file fips186prf.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_free()

void fr_aka_sim_free

(

void

)

Definition at line 285 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_init()

int fr_aka_sim_init

(

void

)

Definition at line 254 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_octets_prefix_len()

size_t fr_aka_sim_octets_prefix_len

(

fr_dict_attr_t const *

da

)

Return the number of bytes before the octets value.

Definition at line 246 of file base.c.

Here is the caller graph for this function:

fr_aka_sim_umts_resync_from_attrs()

int fr_aka_sim_umts_resync_from_attrs	(	uint64_t *	new_sqn,
		request_t *	request,
		fr_pair_t *	auts_vp,
		fr_aka_sim_keys_t *	keys
	)

Perform milenage AUTS validation and resynchronisation.

Parameters

[out]	new_sqn	The new sequence number provided by the AUTS.
[in]	request	The current request.
[in]	auts_vp	The AUTS response.
[in]	keys	UMTS keys.

Returns

• 1 if we do not have sufficient data (lacking ki).
• 0 on success.
• -1 on validation failure.

Definition at line 935 of file vector.c.

Here is the call graph for this function:

fr_aka_sim_vector_gsm_from_attrs()

int fr_aka_sim_vector_gsm_from_attrs	(	request_t *	request,
		fr_pair_list_t *	vps,
		int	idx,
		fr_aka_sim_keys_t *	keys,
		fr_aka_sim_vector_src_t *	src
	)

Retrieve GSM triplets from sets of attributes.

Hunt for a source of SIM triplets

Parameters

[in]	request	The current subrequest.
[in]	vps	List to hunt for triplets in.
[in]	idx	To write EAP-SIM triplets to.
[in]	keys	EAP session keys.
[in]	src	Forces triplets to be retrieved from a particular src and ensures if multiple triplets are being retrieved that they all come from the same src.

Returns

• 1 Vector could not be retrieved from the specified src.
• 0 Vector was retrieved OK and written to the specified index.
• -1 Error retrieving vector from the specified src.

Definition at line 330 of file vector.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_vector_gsm_umts_kdf_0_reauth_from_attrs()

int fr_aka_sim_vector_gsm_umts_kdf_0_reauth_from_attrs	(	request_t *	request,
		fr_pair_list_t *	vps,
		fr_aka_sim_keys_t *	keys
	)

Populate a fr_aka_sim_keys_t structure from attributes in the session-state list.

Parameters

[in]	request	The current request.
[in]	vps	Session-state list
[in]	keys	key structure to populate.

Returns

• 1 if we do not have sufficient data.
• 0 on success.
• -1 on validation failure.

Definition at line 824 of file vector.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_vector_umts_from_attrs()

int fr_aka_sim_vector_umts_from_attrs	(	request_t *	request,
		fr_pair_list_t *	vps,
		fr_aka_sim_keys_t *	keys,
		fr_aka_sim_vector_src_t *	src
	)

Retrieve UMTS quintuplets from sets of attributes.

Hunt for a source of UMTS quintuplets

Parameters

request	The current request.
vps	List to hunt for triplets in.
keys	UMTS keys.
src	Forces quintuplets to be retrieved from a particular src.

Returns

• 1 Vector could not be retrieved from the specified src.
• 0 Vector was retrieved OK and written to the specified index.
• -1 Error retrieving vector from the specified src.

Definition at line 755 of file vector.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_vector_umts_kdf_1_reauth_from_attrs()

int fr_aka_sim_vector_umts_kdf_1_reauth_from_attrs	(	request_t *	request,
		fr_pair_list_t *	vps,
		fr_aka_sim_keys_t *	keys
	)

Populate a fr_aka_sim_keys_t structure from attributes in the session-state list.

Parameters

[in]	request	The current request.
[in]	vps	Session-state list
[in]	keys	key structure to populate.

Returns

• 1 if we do not have sufficient data.
• 0 on success.
• -1 on validation failure.

Definition at line 873 of file vector.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_vector_umts_reauth_clear()

void fr_aka_sim_vector_umts_reauth_clear

(

fr_aka_sim_keys_t *

keys

)

Clear reauth data if reauthentication failed.

Parameters

[in]

keys

key structure to clear.

Definition at line 917 of file vector.c.

Here is the caller graph for this function:

fr_aka_sim_xlat_func_register()

int fr_aka_sim_xlat_func_register

(

void

)

Definition at line 497 of file xlat.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_aka_sim_xlat_func_unregister()

void fr_aka_sim_xlat_func_unregister

(

void

)

Definition at line 521 of file xlat.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

fr_aka_sim_attr_sizes

size_t const fr_aka_sim_attr_sizes[FR_TYPE_MAX+1][2]

extern

SIM AT on-the-wire format attribute sizes.

Holds the min/max sizes of all supported SIM AT attribute values as they would be found in a SIM AT packet.

These sizes may be different than the sizes of INTERNAL formats, PRESENTATION formats and generic NETWORK formats.

Definition at line 205 of file base.c.