The FreeRADIUS server $Id: f3670dba8951ca10eb4948feb3dc3db9423a334f $
Loading...
Searching...
No Matches
xlat.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * @file src/lib/eap_aka_sim/xlat.c
19 * @brief EAP-SIM/EAP-AKA identity detection, creation, and decyption.
20 *
21 * Implements the encrypted IMSI scheme described in TS 33.402 Release 14,
22 * section 14.
23 *
24 * @copyright 2017 The FreeRADIUS server project
25 */
26
27#include <freeradius-devel/server/base.h>
28#include <freeradius-devel/unlang/xlat_func.h>
29
30#include "base.h"
31#include "attrs.h"
32
33static int aka_sim_xlat_refs = 0;
34
35
36static xlat_arg_parser_t const aka_sim_xlat_id_method_xlat_args[] = {
37 { .required = true, .single = true, .type = FR_TYPE_STRING },
38 XLAT_ARG_PARSER_TERMINATOR
39};
40
41/** Returns the SIM method EAP-SIM or EAP-AKA hinted at by the user identifier
42 *
43@verbatim
44%aka_sim_id_method(%{id_attr})
45@endverbatim
46 *
47 * @ingroup xlat_functions
48 */
49static xlat_action_t aka_sim_xlat_id_method_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
50 UNUSED xlat_ctx_t const *xctx,
51 request_t *request,
52 fr_value_box_list_t *in)
53{
54 char const *method;
55 fr_aka_sim_id_type_t type_hint;
56 fr_aka_sim_method_hint_t method_hint;
57 fr_value_box_t *id = fr_value_box_list_head(in);
58 fr_value_box_t *vb;
59
60 if (fr_aka_sim_id_type(&type_hint, &method_hint, id->vb_strvalue, id->vb_length) < 0) {
61 RPEDEBUG2("AKA/SIM Id \"%pV\" has unrecognised format", id);
62 return XLAT_ACTION_FAIL;
63 }
64
65 switch (method_hint) {
66 default:
67 case AKA_SIM_METHOD_HINT_UNKNOWN:
68 return XLAT_ACTION_DONE;
69
70 case AKA_SIM_METHOD_HINT_SIM:
71 method = fr_dict_enum_name_by_value(attr_eap_aka_sim_method_hint,
72 fr_box_uint32(FR_METHOD_HINT_VALUE_SIM));
73 break;
74
75 case AKA_SIM_METHOD_HINT_AKA:
76 method = fr_dict_enum_name_by_value(attr_eap_aka_sim_method_hint,
77 fr_box_uint32(FR_METHOD_HINT_VALUE_AKA));
78 break;
79
80 case AKA_SIM_METHOD_HINT_AKA_PRIME:
81 method = fr_dict_enum_name_by_value(attr_eap_aka_sim_method_hint,
82 fr_box_uint32(FR_METHOD_HINT_VALUE_AKA_PRIME));
83 break;
84 }
85
86 if (!method) {
87 REDEBUG2("No dictionary value name for method hint");
88 return XLAT_ACTION_FAIL;
89 }
90
91 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_STRING, NULL));
92 fr_value_box_bstrndup(vb, vb, NULL, method, strlen(method), false);
93 fr_dcursor_append(out, vb);
94
95 return XLAT_ACTION_DONE;
96}
97
98static xlat_arg_parser_t const aka_sim_xlat_id_type_xlat_args[] = {
99 { .required = true, .single = true, .type = FR_TYPE_STRING },
100 XLAT_ARG_PARSER_TERMINATOR
101};
102
103/** Returns the type of identity used
104 *
105@verbatim
106%aka_sim_id_type(%{id_attr})
107@endverbatim
108 *
109 * @ingroup xlat_functions
110 */
111static xlat_action_t aka_sim_xlat_id_type_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
112 UNUSED xlat_ctx_t const *xctx,
113 request_t *request, fr_value_box_list_t *in)
114{
115 char const *type;
116 fr_aka_sim_id_type_t type_hint;
117 fr_aka_sim_method_hint_t method_hint;
118 fr_value_box_t *id = fr_value_box_list_head(in);
119 fr_value_box_t *vb;
120
121 if (fr_aka_sim_id_type(&type_hint, &method_hint, id->vb_strvalue, id->vb_length) < 0) {
122 RPEDEBUG2("AKA/AKA/SIM Id \"%pV\" has unrecognised format", id);
123 return XLAT_ACTION_FAIL;
124 }
125
126 switch (type_hint) {
127 default:
128 case AKA_SIM_ID_TYPE_UNKNOWN:
129 return XLAT_ACTION_DONE;
130
131 case AKA_SIM_ID_TYPE_PERMANENT:
132 type = fr_dict_enum_name_by_value(attr_eap_aka_sim_identity_type,
133 fr_box_uint32(FR_IDENTITY_TYPE_VALUE_PERMANENT));
134 break;
135
136 case AKA_SIM_ID_TYPE_PSEUDONYM:
137 type = fr_dict_enum_name_by_value(attr_eap_aka_sim_identity_type,
138 fr_box_uint32(FR_IDENTITY_TYPE_VALUE_PSEUDONYM));
139 break;
140
141 case AKA_SIM_ID_TYPE_FASTAUTH:
142 type = fr_dict_enum_name_by_value(attr_eap_aka_sim_identity_type,
143 fr_box_uint32(FR_IDENTITY_TYPE_VALUE_FASTAUTH));
144 break;
145 }
146
147 if (!type) {
148 REDEBUG2("No dictionary value name for identity type");
149 return XLAT_ACTION_FAIL;
150 }
151
152 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_STRING, NULL));
153 fr_value_box_bstrndup(vb, vb, NULL, type, strlen(type), false);
154 fr_dcursor_append(out, vb);
155
156 return XLAT_ACTION_DONE;
157}
158
163
164/** Returns the key index from a 3gpp temporary id
165 *
166@verbatim
167%3gpp_temporary_id.key_index(%{id_attr})
168@endverbatim
169 *
170 * @ingroup xlat_functions
171 */
172static xlat_action_t aka_sim_id_3gpp_temporary_id_key_index_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
173 UNUSED xlat_ctx_t const *xctx,
174 request_t *request, fr_value_box_list_t *in)
175{
176 fr_value_box_t *id = fr_value_box_list_head(in);
177 fr_value_box_t *vb;
178
179 if (id->vb_length != AKA_SIM_3GPP_PSEUDONYM_LEN) {
180 REDEBUG2("3gpp pseudonym incorrect length, expected %u bytes, got %zu bytes",
181 AKA_SIM_3GPP_PSEUDONYM_LEN, id->vb_length);
182 return XLAT_ACTION_FAIL;
183 }
184
185 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_UINT8, NULL));
186 vb->vb_uint8 = fr_aka_sim_id_3gpp_pseudonym_tag(id->vb_strvalue);
187 fr_dcursor_append(out, vb);
188
189 return XLAT_ACTION_DONE;
190}
191
192static xlat_arg_parser_t aka_sim_3gpp_temporary_id_decrypt_xlat_args[] = {
193 { .required = true, .concat = true, .single = false, .type = FR_TYPE_STRING,
194 .func = NULL, .uctx = NULL },
195 { .required = true, .concat = true, .single = false, .type = FR_TYPE_OCTETS,
196 .func = NULL, .uctx = NULL },
197 { .required = false, .concat = false, .single = true, .type = FR_TYPE_BOOL,
198 .func = NULL, .uctx = NULL },
199 XLAT_ARG_PARSER_TERMINATOR
200};
201
202/** Decrypt a 3gpp temporary id
203 *
204 @verbatim
205 %3gpp_temporary_id.decrypt(<id> <key>)
206 @endverbatim
207 *
208 * The pseudonym is in the format
209 @verbatim
210 0 1 2 3
211 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
212 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
213 | Tag | KeyID | Encrypted IMSI
214 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
215 |
216 | Encrypted IMSI (cont) |
217 | |
218 | |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
219 +-+-+-+-+-+-+-+-+-+-+
220 @endverbatim
221 *
222 * Tag (6 bits) - Used to mark the identity as a temporary pseudonym
223 * or re-authentication identity. The idea of this being 6 bits is
224 * so that we can choose values that match base64 sextets, so the
225 * first character in the base64 output matches one of the known tags
226 * for EAP-SIM/AKA/AKA' identities.
227 *
228 * Key Indicator (4 bits) - Used to select the appropriate key from
229 * multiple keys the server may have used to encrypt IMSIs.
230 *
231 * Encrypted IMSI (128 bits) - The original IMSI encrypted with
232 * AES-128-ECB.
233 *
234 * @ingroup xlat_functions
235 */
236static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
237 UNUSED xlat_ctx_t const *xctx,
238 request_t *request, fr_value_box_list_t *in)
239{
240 uint8_t tag;
241 char out_tag = '\0', *buff;
242
243 char decrypted[AKA_SIM_IMSI_MAX_LEN + 1];
244
245 fr_value_box_t *id_vb = fr_value_box_list_head(in);
246 char const *id = id_vb->vb_strvalue;
247 size_t id_len = id_vb->vb_length;
248
249 fr_value_box_t *key_vb = fr_value_box_list_next(in, id_vb);
250 /* coverity[dereference] */
251 uint8_t const *key = key_vb->vb_octets;
252 size_t key_len = key_vb->vb_length;
253
254 fr_value_box_t *tag_vb = fr_value_box_list_next(in, key_vb);
255 bool include_tag = true;
256
257 fr_value_box_t *vb;
258 fr_pair_t *eap_type;
259
260 if (tag_vb) include_tag = tag_vb->vb_bool;
261
262 if (id_len != (AKA_SIM_3GPP_PSEUDONYM_LEN)) {
263 REDEBUG2("3gpp pseudonym incorrect length, expected %u bytes, got %zu bytes",
264 AKA_SIM_3GPP_PSEUDONYM_LEN, id_len);
265 error:
266 return XLAT_ACTION_FAIL;
267 }
268
269 if (key_len != 16) {
270 REDEBUG2("Decryption key incorrect length, expected %i bytes, got %zu bytes", 16, key_len);
271 goto error;
272 }
273
274 if (include_tag) {
275 /*
276 * Figure out what tag we should add to the permanent id
277 */
278 eap_type = fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_type);
279 if (eap_type) {
280 if (eap_type->vp_uint32 == enum_eap_type_sim->vb_uint32) {
281 out_tag = ID_TAG_SIM_PERMANENT;
282 } else if (eap_type->vp_uint32 == enum_eap_type_aka->vb_uint32) {
283 out_tag = ID_TAG_AKA_PERMANENT;
284 } else if (eap_type->vp_uint32 == enum_eap_type_aka_prime->vb_uint32) {
285 out_tag = ID_TAG_AKA_PRIME_PERMANENT;
286 } else {
287 goto use_existing_tag;
288 }
289 } else {
290 use_existing_tag:
291 tag = fr_aka_sim_id_3gpp_pseudonym_tag(id);
292 switch (tag) {
293 case ID_TAG_SIM_PSEUDONYM_B64:
294 case ID_TAG_SIM_FASTAUTH_B64:
295 out_tag = ID_TAG_SIM_PERMANENT;
296 break;
297
298 case ID_TAG_AKA_PSEUDONYM_B64:
299 case ID_TAG_AKA_FASTAUTH_B64:
300 out_tag = ID_TAG_AKA_PERMANENT;
301 break;
302
303 case ID_TAG_AKA_PRIME_PSEUDONYM_B64:
304 case ID_TAG_AKA_PRIME_FASTAUTH_B64:
305 out_tag = ID_TAG_AKA_PRIME_PERMANENT;
306 break;
307
308 default:
309 REDEBUG2("Unexpected tag value (%u) in AKA/SIM Id \"%pV\"", tag, fr_box_strvalue_len(id, id_len));
310 goto error;
311 }
312 }
313 }
314
315 RDEBUG2("Decrypting \"%pV\"", fr_box_strvalue_len(id, id_len));
316 if (fr_aka_sim_id_3gpp_pseudonym_decrypt(decrypted, id, key) < 0) {
317 RPEDEBUG2("Failed decrypting AKA/SIM Id");
318 goto error;
319 }
320
321 /*
322 * Recombine unencrypted IMSI with tag
323 */
324 MEM(vb = fr_value_box_alloc_null(ctx));
325 if (include_tag) {
326 MEM(fr_value_box_bstr_alloc(vb, &buff, vb, NULL, AKA_SIM_IMSI_MAX_LEN + 1, false) == 0);
327 *buff = out_tag;
328 memcpy(buff + 1, decrypted, AKA_SIM_IMSI_MAX_LEN);
329 } else {
330 MEM(fr_value_box_bstrndup(vb, vb, NULL, decrypted, AKA_SIM_IMSI_MAX_LEN, true) == 0);
331 }
332 fr_dcursor_append(out, vb);
333
334 return XLAT_ACTION_DONE;
335}
336
337static xlat_arg_parser_t aka_sim_3gpp_temporary_id_encrypt_xlat_args[] = {
338 { .required = true, .concat = true, .single = false, .type = FR_TYPE_STRING },
339 { .required = true, .concat = true, .single = false, .type = FR_TYPE_OCTETS },
340 { .required = true, .concat = false, .single = true, .type = FR_TYPE_UINT8 },
341 { .required = false, .concat = false, .single = true, .type = FR_TYPE_STRING },
342 XLAT_ARG_PARSER_TERMINATOR
343};
344
345/** Encrypts a 3gpp pseudonym
346 *
347@verbatim
348%3gpp_temporary_id.encrypt(<id>, <key>, <index>, [(pseudonym|fastauth)])
349@endverbatim
350 *
351 * @ingroup xlat_functions
352 */
353static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
354 UNUSED xlat_ctx_t const *xctx,
355 request_t *request, fr_value_box_list_t *in)
356{
357 char encrypted[AKA_SIM_3GPP_PSEUDONYM_LEN + 1];
358 uint8_t tag = 0;
359
360 char const *id_p, *id_end;
361 fr_aka_sim_id_type_t type_hint;
362 fr_aka_sim_method_hint_t method_hint;
363
364 fr_value_box_t *id_vb = fr_value_box_list_head(in);
365 char const *id = id_vb->vb_strvalue;
366 size_t id_len = id_vb->vb_length;
367
368 fr_value_box_t *key_vb = fr_value_box_list_next(in, id_vb);
369 /* coverity[dereference] */
370 uint8_t const *key = key_vb->vb_octets;
371 size_t key_len = key_vb->vb_length;
372
373 fr_value_box_t *index_vb = fr_value_box_list_next(in, key_vb);
374 uint8_t key_index = index_vb->vb_uint8;
375
376 fr_value_box_t *type_vb = fr_value_box_list_next(in, index_vb);
377
378 bool fastauth = false;
379
380 fr_value_box_t *vb;
381
382 /*
383 * Get the key index
384 */
385 if (key_index > 15) {
386 REDEBUG2("Key index must be between 0-15");
387 error:
388 return XLAT_ACTION_FAIL;
389 }
390
391 if (key_len != 16) {
392 REDEBUG2("Encryption key incorrect length, expected %i bytes, got %zu bytes", 16, key_len);
393 goto error;
394 }
395
396 /*
397 * Check for the optional type argument
398 */
399 if (type_vb) {
400 fr_dict_enum_value_t const *type_enum;
401
402 type_enum = fr_dict_enum_by_name(attr_eap_aka_sim_identity_type,
403 type_vb->vb_strvalue, type_vb->vb_length);
404 if (!type_enum) {
405 bad_type:
406 REDEBUG2("Bad type %pV, must be one of 'fastauth' or 'pseudonym'", type_vb);
407 goto error;
408 }
409
410 switch (type_enum->value->vb_uint32) {
411 case FR_IDENTITY_TYPE_VALUE_PSEUDONYM:
412 break;
413
414 case FR_IDENTITY_TYPE_VALUE_FASTAUTH:
415 fastauth = true;
416 break;
417
418 default:
419 goto bad_type;
420 }
421 }
422
423 /*
424 * Determine what type/method hints are in the current ID.
425 */
426 if (id_len == (AKA_SIM_IMSI_MAX_LEN + 1)) { /* +1 for ID tag */
427 if (fr_aka_sim_id_type(&type_hint, &method_hint, id, id_len) < 0) {
428 RPEDEBUG2("ID \"%pV\" has unrecognised format", fr_box_strvalue_len(id, id_len));
429 goto error;
430 }
431
432 if (type_hint != AKA_SIM_ID_TYPE_PERMANENT) {
433 REDEBUG2("ID \"%pV\" is not a permanent identity (IMSI)", fr_box_strvalue_len(id, id_len));
434 goto error;
435 }
436
437 switch (method_hint) {
438 case AKA_SIM_METHOD_HINT_SIM:
439 tag = !fastauth ? ID_TAG_SIM_PSEUDONYM_B64 : ID_TAG_SIM_FASTAUTH_B64;
440 break;
441
442 case AKA_SIM_METHOD_HINT_AKA:
443 tag = !fastauth ? ID_TAG_AKA_PSEUDONYM_B64 : ID_TAG_AKA_FASTAUTH_B64;
444 break;
445
446 case AKA_SIM_METHOD_HINT_AKA_PRIME:
447 tag = !fastauth ? ID_TAG_AKA_PRIME_PSEUDONYM_B64 : ID_TAG_AKA_PRIME_FASTAUTH_B64;
448 break;
449
450 case AKA_SIM_METHOD_HINT_UNKNOWN:
451 case AKA_SIM_METHOD_HINT_MAX:
452 REDEBUG2("ID \"%pV\" does not contain a method hint", fr_box_strvalue_len(id, id_len));
453 goto error;
454 }
455
456 id_p = id + 1;
457 id_end = (id_p + id_len) - 1;
458 /*
459 * ID lacks a hint byte, figure it out from &request.EAP-Type
460 */
461 } else if ((id_len >= AKA_SIM_IMSI_MIN_LEN) && (id_len <= AKA_SIM_IMSI_MAX_LEN)) {
462 fr_pair_t *eap_type;
463
464 eap_type = fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_type);
465 if (!eap_type) {
466 REDEBUG("ID does not contain method hint, and no request.EAP-Type found. "
467 "Don't know what tag to prepend to encrypted identity");
468 goto error;
469 }
470
471 if (eap_type->vp_uint32 == enum_eap_type_sim->vb_uint32) {
472 tag = !fastauth ? ID_TAG_SIM_PSEUDONYM_B64 : ID_TAG_SIM_FASTAUTH_B64;
473 } else if (eap_type->vp_uint32 == enum_eap_type_aka->vb_uint32) {
474 tag = !fastauth ? ID_TAG_AKA_PSEUDONYM_B64 : ID_TAG_AKA_FASTAUTH_B64;
475 } else if (eap_type->vp_uint32 == enum_eap_type_aka_prime->vb_uint32) {
476 tag = !fastauth ? ID_TAG_AKA_PRIME_PSEUDONYM_B64 : ID_TAG_AKA_PRIME_FASTAUTH_B64;
477 } else {
478 REDEBUG("request.EAP-Type does not match a SIM based EAP-Type (SIM, AKA, AKA-Prime)");
479 goto error;
480 }
481
482 id_p = id;
483 id_end = id_p + id_len;
484 } else {
485 REDEBUG2("IMSI incorrect length, expected %u bytes, got %zu bytes", AKA_SIM_IMSI_MAX_LEN + 1,
486 id_len);
487 goto error;
488
489 }
490
491 /*
492 * Encrypt the IMSI
493 *
494 * Strip existing tag from the permanent id
495 */
496 if (fr_aka_sim_id_3gpp_pseudonym_encrypt(encrypted, id_p, id_end - id_p, tag, (uint8_t)key_index, key) < 0) {
497 RPEDEBUG2("Failed encrypting SIM ID \"%pV\"", fr_box_strvalue_len(id, id_len));
498 return XLAT_ACTION_FAIL;
499 }
500
501 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_STRING, NULL));
502 fr_value_box_bstrndup(vb, vb, NULL, encrypted, strlen(encrypted), false);
503 fr_dcursor_append(out, vb);
504
505 return XLAT_ACTION_DONE;
506}
507
508int fr_aka_sim_xlat_func_register(void)
509{
510 xlat_t *xlat;
511
512 if (aka_sim_xlat_refs) {
513 aka_sim_xlat_refs++;
514 return 0;
515 }
516
517 if (unlikely((xlat = xlat_func_register(NULL, "aka_sim_id_method", aka_sim_xlat_id_method_xlat, FR_TYPE_STRING)) == NULL)) return -1;
518 xlat_func_args_set(xlat, aka_sim_xlat_id_method_xlat_args);
519 if (unlikely((xlat = xlat_func_register(NULL, "aka_sim_id_type", aka_sim_xlat_id_type_xlat, FR_TYPE_STRING)) == NULL)) return -1;
520 xlat_func_args_set(xlat, aka_sim_xlat_id_type_xlat_args);
521 if (unlikely((xlat = xlat_func_register(NULL, "3gpp_temporary_id_key_index", aka_sim_id_3gpp_temporary_id_key_index_xlat, FR_TYPE_UINT8)) == NULL)) return -1;
522 xlat_func_args_set(xlat, aka_sim_id_3gpp_temporary_id_key_index_xlat_args);
523 if (unlikely((xlat = xlat_func_register(NULL, "3gpp_temporary_id.key_index", aka_sim_id_3gpp_temporary_id_key_index_xlat, FR_TYPE_UINT8)) == NULL)) return -1;
524 xlat_func_args_set(xlat, aka_sim_id_3gpp_temporary_id_key_index_xlat_args);
525
526 if (unlikely((xlat = xlat_func_register(NULL, "3gpp_temporary_id_decrypt", aka_sim_3gpp_temporary_id_decrypt_xlat, FR_TYPE_STRING)) == NULL)) return -1;
527 xlat_func_args_set(xlat, aka_sim_3gpp_temporary_id_decrypt_xlat_args);
528
529 if (unlikely((xlat = xlat_func_register(NULL, "3gpp_temporary_id.decrypt", aka_sim_3gpp_temporary_id_decrypt_xlat, FR_TYPE_STRING)) == NULL)) return -1;
530 xlat_func_args_set(xlat, aka_sim_3gpp_temporary_id_decrypt_xlat_args);
531
532 if (unlikely((xlat = xlat_func_register(NULL, "3gpp_temporary_id_encrypt", aka_sim_3gpp_temporary_id_encrypt_xlat, FR_TYPE_STRING)) == NULL)) return -1;
533 xlat_func_args_set(xlat, aka_sim_3gpp_temporary_id_encrypt_xlat_args);
534 if (unlikely((xlat = xlat_func_register(NULL, "3gpp_temporary_id.encrypt", aka_sim_3gpp_temporary_id_encrypt_xlat, FR_TYPE_STRING)) == NULL)) return -1;
535 xlat_func_args_set(xlat, aka_sim_3gpp_temporary_id_encrypt_xlat_args);
536
537 aka_sim_xlat_refs = 1;
538
539 return 0;
540}
541
542void fr_aka_sim_xlat_func_unregister(void)
543{
544 if (aka_sim_xlat_refs > 1) {
545 aka_sim_xlat_refs--;
546 return;
547 }
548
549 xlat_func_unregister("aka_sim_id_method");
550 xlat_func_unregister("aka_sim_id_type");
551 xlat_func_unregister("3gpp_temporary_id_key_index");
552 xlat_func_unregister("3gpp_temporary_id.key_index");
553 xlat_func_unregister("3gpp_temporary_id_decrypt");
554 xlat_func_unregister("3gpp_temporary_id.decrypt");
555 xlat_func_unregister("3gpp_temporary_id_encrypt");
556 xlat_func_unregister("3gpp_temporary_id.encrypt");
557 aka_sim_xlat_refs = 0;
558}
unlikely
#define unlikely(_x)
Definition build.h:407
UNUSED
#define UNUSED
Definition build.h:336
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition dcursor.h:406
fr_dcursor_s
Definition dcursor.h:91
MEM
#define MEM(x)
Definition debug.h:36
fr_dict_enum_value_t::value
fr_value_box_t const * value
Enum value (what name maps to).
Definition dict.h:257
fr_dict_enum_name_by_value
char const * fr_dict_enum_name_by_value(fr_dict_attr_t const *da, fr_value_box_t const *value)
Lookup the name of an enum value in a fr_dict_attr_t.
Definition dict_util.c:3665
fr_dict_enum_by_name
fr_dict_enum_value_t const * fr_dict_enum_by_name(fr_dict_attr_t const *da, char const *name, ssize_t len)
Definition dict_util.c:3678
in
static fr_slen_t in
Definition dict.h:882
fr_dict_enum_value_t
Value of an enumerated attribute.
Definition dict.h:253
eap_type
eap_type
Definition types.h:44
aka_sim_3gpp_temporary_id_encrypt_xlat_args
static xlat_arg_parser_t aka_sim_3gpp_temporary_id_encrypt_xlat_args[]
Definition xlat.c:337
aka_sim_id_3gpp_temporary_id_key_index_xlat_args
static xlat_arg_parser_t const aka_sim_id_3gpp_temporary_id_key_index_xlat_args[]
Definition xlat.c:159
aka_sim_xlat_id_method_xlat_args
static xlat_arg_parser_t const aka_sim_xlat_id_method_xlat_args[]
Definition xlat.c:36
fr_aka_sim_xlat_func_register
int fr_aka_sim_xlat_func_register(void)
Definition xlat.c:508
aka_sim_3gpp_temporary_id_decrypt_xlat_args
static xlat_arg_parser_t aka_sim_3gpp_temporary_id_decrypt_xlat_args[]
Definition xlat.c:192
aka_sim_xlat_id_type_xlat_args
static xlat_arg_parser_t const aka_sim_xlat_id_type_xlat_args[]
Definition xlat.c:98
aka_sim_xlat_refs
static int aka_sim_xlat_refs
Definition xlat.c:33
fr_aka_sim_xlat_func_unregister
void fr_aka_sim_xlat_func_unregister(void)
Definition xlat.c:542
aka_sim_id_3gpp_temporary_id_key_index_xlat
static xlat_action_t aka_sim_id_3gpp_temporary_id_key_index_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Returns the key index from a 3gpp temporary id.
Definition xlat.c:172
aka_sim_xlat_id_method_xlat
static xlat_action_t aka_sim_xlat_id_method_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Returns the SIM method EAP-SIM or EAP-AKA hinted at by the user identifier.
Definition xlat.c:49
aka_sim_xlat_id_type_xlat
static xlat_action_t aka_sim_xlat_id_type_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Returns the type of identity used.
Definition xlat.c:111
aka_sim_3gpp_temporary_id_encrypt_xlat
static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Encrypts a 3gpp pseudonym.
Definition xlat.c:353
aka_sim_3gpp_temporary_id_decrypt_xlat
static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Decrypt a 3gpp temporary id.
Definition xlat.c:236
attr_eap_type
HIDDEN fr_dict_attr_t const * attr_eap_type
Definition base.c:90
enum_eap_type_aka
fr_value_box_t const * enum_eap_type_aka
Definition base.c:186
enum_eap_type_sim
fr_value_box_t const * enum_eap_type_sim
Definition base.c:185
enum_eap_type_aka_prime
fr_value_box_t const * enum_eap_type_aka_prime
Definition base.c:187
attr_eap_aka_sim_method_hint
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_method_hint
Definition base.c:85
attr_eap_aka_sim_identity_type
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_identity_type
Definition base.c:74
fr_aka_sim_id_3gpp_pseudonym_decrypt
int fr_aka_sim_id_3gpp_pseudonym_decrypt(char out[AKA_SIM_IMSI_MAX_LEN+1], char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN], uint8_t const key[16])
Decrypt the 3GPP pseudonym.
Definition id.c:576
fr_aka_sim_id_3gpp_pseudonym_tag
uint8_t fr_aka_sim_id_3gpp_pseudonym_tag(char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
Return the tag from a 3gpp pseudonym.
Definition id.c:550
fr_aka_sim_id_3gpp_pseudonym_encrypt
int fr_aka_sim_id_3gpp_pseudonym_encrypt(char out[AKA_SIM_3GPP_PSEUDONYM_LEN+1], char const *imsi, size_t imsi_len, uint8_t tag, uint8_t key_ind, uint8_t const key[16])
Create a 3gpp pseudonym from a permanent ID.
Definition id.c:397
fr_aka_sim_id_type
int fr_aka_sim_id_type(fr_aka_sim_id_type_t *type, fr_aka_sim_method_hint_t *hint, char const *id, size_t id_len)
Determine what type of ID was provided in the initial identity response.
Definition id.c:167
ID_TAG_SIM_PSEUDONYM_B64
#define ID_TAG_SIM_PSEUDONYM_B64
Definition id.h:90
ID_TAG_AKA_PSEUDONYM_B64
#define ID_TAG_AKA_PSEUDONYM_B64
Definition id.h:92
AKA_SIM_IMSI_MAX_LEN
#define AKA_SIM_IMSI_MAX_LEN
Length of an IMSI number in ASCII.
Definition id.h:32
ID_TAG_AKA_FASTAUTH_B64
#define ID_TAG_AKA_FASTAUTH_B64
Definition id.h:93
ID_TAG_SIM_FASTAUTH_B64
#define ID_TAG_SIM_FASTAUTH_B64
Definition id.h:91
ID_TAG_AKA_PRIME_PSEUDONYM_B64
#define ID_TAG_AKA_PRIME_PSEUDONYM_B64
Definition id.h:94
ID_TAG_AKA_PERMANENT
@ ID_TAG_AKA_PERMANENT
IMSI, and hint that client wants to do EAP-AKA.
Definition id.h:66
ID_TAG_SIM_PERMANENT
@ ID_TAG_SIM_PERMANENT
IMSI, and hint that client wants to do EAP-SIM.
Definition id.h:62
ID_TAG_AKA_PRIME_PERMANENT
@ ID_TAG_AKA_PRIME_PERMANENT
IMSI, and hint that client wants to do EAP-AKA-Prime.
Definition id.h:70
fr_aka_sim_method_hint_t
fr_aka_sim_method_hint_t
SIM/AKA method hints.
Definition id.h:39
AKA_SIM_METHOD_HINT_AKA
@ AKA_SIM_METHOD_HINT_AKA
The identity hints the supplicant wants to use EAP-AKA.
Definition id.h:43
AKA_SIM_METHOD_HINT_SIM
@ AKA_SIM_METHOD_HINT_SIM
The identity hints the supplicant wants to use EAP-SIM.
Definition id.h:41
AKA_SIM_METHOD_HINT_AKA_PRIME
@ AKA_SIM_METHOD_HINT_AKA_PRIME
Definition id.h:45
AKA_SIM_METHOD_HINT_MAX
@ AKA_SIM_METHOD_HINT_MAX
Definition id.h:46
AKA_SIM_METHOD_HINT_UNKNOWN
@ AKA_SIM_METHOD_HINT_UNKNOWN
We don't know what method the identity hints at.
Definition id.h:40
AKA_SIM_IMSI_MIN_LEN
#define AKA_SIM_IMSI_MIN_LEN
Minimum length of an IMSI number in ASCII.
Definition id.h:33
AKA_SIM_3GPP_PSEUDONYM_LEN
#define AKA_SIM_3GPP_PSEUDONYM_LEN
Length of a base64 encoded 3gpp pseudonym.
Definition id.h:31
fr_aka_sim_id_type_t
fr_aka_sim_id_type_t
SIM/AKA identity type hints.
Definition id.h:53
AKA_SIM_ID_TYPE_UNKNOWN
@ AKA_SIM_ID_TYPE_UNKNOWN
We don't know what type of identity this is.
Definition id.h:54
AKA_SIM_ID_TYPE_PSEUDONYM
@ AKA_SIM_ID_TYPE_PSEUDONYM
This is a custom pseudonym.
Definition id.h:56
AKA_SIM_ID_TYPE_PERMANENT
@ AKA_SIM_ID_TYPE_PERMANENT
This is a permanent identity (the IMSI of the SIM).
Definition id.h:55
AKA_SIM_ID_TYPE_FASTAUTH
@ AKA_SIM_ID_TYPE_FASTAUTH
This is a fastauth (session-resumption) id.
Definition id.h:57
ID_TAG_AKA_PRIME_FASTAUTH_B64
#define ID_TAG_AKA_PRIME_FASTAUTH_B64
Definition id.h:95
RPEDEBUG2
#define RPEDEBUG2(fmt,...)
Definition log.h:389
REDEBUG2
#define REDEBUG2(fmt,...)
Definition log.h:384
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT8
@ FR_TYPE_UINT8
8 Bit unsigned integer.
Definition merged_model.c:97
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:707
attrs.h
VQP attributes.
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient-ng.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient-ng.h:54
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:37
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3648
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
xlat_arg_parser_t::required
unsigned int required
Argument must be present, and non-empty.
Definition xlat.h:146
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:170
xlat_action_t
xlat_action_t
Definition xlat.h:37
XLAT_ACTION_FAIL
@ XLAT_ACTION_FAIL
An xlat function failed.
Definition xlat.h:44
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition xlat.h:43
xlat_arg_parser_t
Definition for a single argument consumed by an xlat function.
Definition xlat.h:145
base.h
Master include file to access all functions and structures in the library.
fr_value_box_bstr_alloc
int fr_value_box_bstr_alloc(TALLOC_CTX *ctx, char **out, fr_value_box_t *dst, fr_dict_attr_t const *enumv, size_t len, bool tainted)
Alloc and assign an empty \0 terminated string to a fr_value_box_t.
Definition value.c:4764
fr_value_box_bstrndup
int fr_value_box_bstrndup(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, size_t len, bool tainted)
Copy a string to to a fr_value_box_t.
Definition value.c:4838
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition value.h:644
fr_box_strvalue_len
#define fr_box_strvalue_len(_val, _len)
Definition value.h:309
fr_value_box_alloc_null
#define fr_value_box_alloc_null(_ctx)
Allocate a value box for later use with a value assignment function.
Definition value.h:655
fr_box_uint32
#define fr_box_uint32(_val)
Definition value.h:335
out
static size_t char ** out
Definition value.h:1030
xlat_ctx_s
An xlat calling ctx.
Definition xlat_ctx.h:49
xlat_func_args_set
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
Definition xlat_func.c:365
xlat_func_register
xlat_t * xlat_func_register(TALLOC_CTX *ctx, char const *name, xlat_func_t func, fr_type_t return_type)
Register an xlat function.
Definition xlat_func.c:216
xlat_func_unregister
void xlat_func_unregister(char const *name)
Unregister an xlat function.
Definition xlat_func.c:509
xlat_s
Definition xlat_priv.h:59
Generated by   doxygen 1.9.8