EAP-SIM/EAP-AKA identity detection, creation, and decyption. More...

#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/util/base64.h>
#include <freeradius-devel/util/rand.h>
#include <openssl/evp.h>
#include "base.h"
#include "id.h"
#include "crypto_priv.h"

Include dependency graph for id.c:

Go to the source code of this file.

Macros
#define	us(x) (uint8_t) x

Functions
ssize_t	fr_aka_sim_3gpp_root_nai_domain_mcc_mnc (uint16_t mnc, uint16_t mcc, char const *domain, size_t domain_len)
	Extract the MCC and MCN from the 3GPP domain.

char const *	fr_aka_sim_domain (char const *nai, size_t nai_len)
	Find where in the NAI string the domain starts.

char	fr_aka_sim_hint_byte (fr_aka_sim_id_type_t type, fr_aka_sim_method_hint_t method)
	Return the expected identity hint for a given type/method combination.

int	fr_aka_sim_id_3gpp_pseudonym_decrypt (char out[AKA_SIM_IMSI_MAX_LEN+1], char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN], uint8_t const key[16])
	Decrypt the 3GPP pseudonym.

int	fr_aka_sim_id_3gpp_pseudonym_encrypt (char out[AKA_SIM_3GPP_PSEUDONYM_LEN+1], char const *imsi, size_t imsi_len, uint8_t tag, uint8_t key_ind, uint8_t const key[16])
	Create a 3gpp pseudonym from a permanent ID.

uint8_t	fr_aka_sim_id_3gpp_pseudonym_key_index (char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
	Return the key index from a 3gpp pseudonym.

uint8_t	fr_aka_sim_id_3gpp_pseudonym_tag (char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
	Return the tag from a 3gpp pseudonym.

eap_type_t	fr_aka_sim_id_to_eap_type (char const *id, size_t len)
	Determine if a given identity is a 3gpp identity, and return the EAP method hinted.

int	fr_aka_sim_id_type (fr_aka_sim_id_type_t type, fr_aka_sim_method_hint_t hint, char const *id, size_t id_len)
	Determine what type of ID was provided in the initial identity response.

size_t	fr_aka_sim_id_user_len (char const *nai, size_t nai_len)
	Find where the identity ends.

Variables
fr_table_num_sorted_t const	fr_aka_sim_id_method_table []

size_t	fr_aka_sim_id_method_table_len = NUM_ELEMENTS(fr_aka_sim_id_method_table)

fr_table_num_sorted_t const	fr_aka_sim_id_request_table []

size_t	fr_aka_sim_id_request_table_len = NUM_ELEMENTS(fr_aka_sim_id_request_table)

static char	hint_byte_matrix [AKA_SIM_METHOD_HINT_MAX][AKA_SIM_ID_TYPE_MAX]

Detailed Description

EAP-SIM/EAP-AKA identity detection, creation, and decyption.

Copyright: 2017 The FreeRADIUS server project

Definition in file id.c.

Macro Definition Documentation

◆ us

#define us ( x ) (uint8_t) x

Definition at line 31 of file id.c.

Function Documentation

◆ fr_aka_sim_3gpp_root_nai_domain_mcc_mnc()

ssize_t fr_aka_sim_3gpp_root_nai_domain_mcc_mnc	(	uint16_t *	mnc,
		uint16_t *	mcc,
		char const *	domain,
		size_t	domain_len
	)

Extract the MCC and MCN from the 3GPP domain.

3GPP Root NAI domain format wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org.

Parameters

[out]	mnc	Mobile network code.
[out]	mcc	Mobile country code.
[in]	domain	to parse.
[in]	domain_len	Length of the domain component.

Returns

number of bytes parsed.
<= 0 on error - The negative offset of where parsing failed.

Definition at line 97 of file id.c.

Here is the caller graph for this function:

◆ fr_aka_sim_domain()

char const * fr_aka_sim_domain	(	char const *	nai,
		size_t	nai_len
	)

Find where in the NAI string the domain starts.

Parameters

[in]	nai	we're attempting to split.
[in]	nai_len	The length of the NAI string.

Returns

A pointer to where the domain portion of the domain starts.
NULL if there was no @ in the identity.

Definition at line 75 of file id.c.

Here is the caller graph for this function:

◆ fr_aka_sim_hint_byte()

char fr_aka_sim_hint_byte	(	fr_aka_sim_id_type_t	type,
		fr_aka_sim_method_hint_t	method
	)

Return the expected identity hint for a given type/method combination.

Parameters

[in]	type	Whether this is a permanent, pseudonym or fastauth ID
[in]	method	What EAP-Method the identity hints at.

Returns

An IMSI tag byte [0-9] (ASCII)
'\0' if either the method or type values are unknown.

Definition at line 375 of file id.c.

Here is the caller graph for this function:

◆ fr_aka_sim_id_3gpp_pseudonym_decrypt()

int fr_aka_sim_id_3gpp_pseudonym_decrypt	(	char	out[AKA_SIM_IMSI_MAX_LEN+1],
		char const	encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN],
		uint8_t const	key[16]
	)

Decrypt the 3GPP pseudonym.

Parameters

[out]	out	Where to write the decypted, uncompressed IMSI.
[in]	encr_id	to decypt. Will read exactly 23 bytes from the buffer.
[in]	key	to use to decrypt the encrypted and compressed IMSI. Must be 128 bits (16 bytes).

Returns

0 on success.
-1 if any of the parameters were invalid.

Definition at line 576 of file id.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_aka_sim_id_3gpp_pseudonym_encrypt()

int fr_aka_sim_id_3gpp_pseudonym_encrypt	(	char	out[AKA_SIM_3GPP_PSEUDONYM_LEN+1],
		char const *	imsi,
		size_t	imsi_len,
		uint8_t	tag,
		uint8_t	key_ind,
		uint8_t const	key[16]
	)

Create a 3gpp pseudonym from a permanent ID.

Parameters

[out]	out	Where to write the resulting pseudonym, must be a buffer of exactly AKA_SIM_3GPP_PSEUDONYM_LEN + 1 bytes.
[in]	imsi	Permanent ID to derive pseudonym from. Note: If the IMSI is less than 15 digits it will be rpadded with zeros.
[in]	imsi_len	Length of the IMSI. Must be between 1-15.
[in]	tag	Tag value to prepend to the pseudonym. This field is 6 bits (0-63).
[in]	key_ind	Key indicator (or key index), the key number used to produce the encr ID. There may be up to 16 keys in use at any one time. This field is 4 bits (0-15).
[in]	key	as described by the 'Security aspects of non-3GPP accesses' document. Must be 128 bits (16 bytes).

Returns

0 on success.
-1 if any of the parameters were invalid.

Definition at line 397 of file id.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_aka_sim_id_3gpp_pseudonym_key_index()

uint8_t fr_aka_sim_id_3gpp_pseudonym_key_index ( char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN] )

Return the key index from a 3gpp pseudonym.

Parameters

[in] encr_id The 3gpp pseudonym.

Returns: the key index associated with the pseudonym.

Definition at line 561 of file id.c.

◆ fr_aka_sim_id_3gpp_pseudonym_tag()

uint8_t fr_aka_sim_id_3gpp_pseudonym_tag ( char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN] )

Return the tag from a 3gpp pseudonym.

Parameters

[in] encr_id The 3gpp pseudonym.

Returns: the tag associated with the pseudonym.

Definition at line 550 of file id.c.

Here is the caller graph for this function:

◆ fr_aka_sim_id_to_eap_type()

eap_type_t fr_aka_sim_id_to_eap_type	(	char const *	id,
		size_t	len
	)

Determine if a given identity is a 3gpp identity, and return the EAP method hinted.

Parameters

[in]	id	to check.
[in]	len	Length of the id.

Returns

FR_EAP_METHOD_INVALID if this is not a 3gpp identity.
FR_EAP_METHOD_AKA_PRIME if this is an AKA-Prime identity.
FR_EAP_METHOD_AKA if this is an AKA identity.
FR_EAP_METHOD_SIM if this is a SIM identity.

Definition at line 306 of file id.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_aka_sim_id_type()

int fr_aka_sim_id_type	(	fr_aka_sim_id_type_t *	type,
		fr_aka_sim_method_hint_t *	hint,
		char const *	id,
		size_t	id_len
	)

Determine what type of ID was provided in the initial identity response.

Parameters

[out]	hint	Whether this is a hint to do EAP-SIM or EAP-AKA[']: AKA_SIM_METHOD_HINT_AKA_PRIME this ID was generated during an EAP-AKA' exchange or the supplicant hints it wants to perform EAP-AKA'. AKA_SIM_METHOD_HINT_AKA this ID was generated during an EAP-AKA exchange or the supplicant hints it wants to perform EAP-AKA. AKA_SIM_METHOD_HINT_SIM this IS was generated during an EAP-SIM exchange or the supplicant hints it wants to perform EAP-SIM. AKA_SIM_METHOD_HINT_UNKNOWN we don't know what type of authentication generated this ID or which one to start.
[out]	type	What type of identity this is: AKA_SIM_ID_TYPE_PERMANENT if the ID is an IMSI. AKA_SIM_ID_TYPE_PSEUDONYM if the ID is a freeform pseudonym. AKA_SIM_ID_TYPE_FASTAUTH if the ID is a fastauth identity. AKA_SIM_ID_TYPE_UNKNOWN if we can't determine what sort of ID this is.
[in]	id	the NAI string provided.
[in]	id_len	the length of the NAI string.

Returns

0 on success.
-1 on failure.

Definition at line 167 of file id.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ fr_aka_sim_id_user_len()

size_t fr_aka_sim_id_user_len	(	char const *	nai,
		size_t	nai_len
	)

Find where the identity ends.

Parameters

[in]	nai	we're attempting to split.
[in]	nai_len	The length of the NAI string.

Returns

How long the identity portion of the NAI is.

Definition at line 57 of file id.c.

Here is the caller graph for this function:

Variable Documentation

◆ fr_aka_sim_id_method_table

fr_table_num_sorted_t const fr_aka_sim_id_method_table[]

Initial value:

= {
        { L("AKA"),                     AKA_SIM_METHOD_HINT_AKA         },
        { L("AKA'"),                    AKA_SIM_METHOD_HINT_AKA_PRIME   },
        { L("SIM"),                     AKA_SIM_METHOD_HINT_SIM         },
}

Definition at line 43 of file id.c.

◆ fr_aka_sim_id_method_table_len

size_t fr_aka_sim_id_method_table_len = NUM_ELEMENTS(fr_aka_sim_id_method_table)

Definition at line 48 of file id.c.

◆ fr_aka_sim_id_request_table

fr_table_num_sorted_t const fr_aka_sim_id_request_table[]

Initial value:

= {
        { L("Any-Id-Req"),              AKA_SIM_ANY_ID_REQ              },
        { L("FullAuth-Id-Req"),         AKA_SIM_FULLAUTH_ID_REQ         },
        { L("Init"),                    AKA_SIM_INIT_ID_REQ             },
        { L("Permanent-Id-Req"),        AKA_SIM_PERMANENT_ID_REQ        },
        { L("no"),                      AKA_SIM_NO_ID_REQ               },      
        { L("none"),                    AKA_SIM_NO_ID_REQ               },
}

Definition at line 33 of file id.c.

◆ fr_aka_sim_id_request_table_len

size_t fr_aka_sim_id_request_table_len = NUM_ELEMENTS(fr_aka_sim_id_request_table)

Definition at line 41 of file id.c.

◆ hint_byte_matrix

char hint_byte_matrix[AKA_SIM_METHOD_HINT_MAX][AKA_SIM_ID_TYPE_MAX]

static

Initial value:

= {
        [AKA_SIM_METHOD_HINT_SIM] = {
                [AKA_SIM_ID_TYPE_PERMANENT]     = ID_TAG_SIM_PERMANENT,
                [AKA_SIM_ID_TYPE_PSEUDONYM]     = ID_TAG_SIM_PSEUDONYM,
                [AKA_SIM_ID_TYPE_FASTAUTH]      = ID_TAG_SIM_PERMANENT,
                [AKA_SIM_ID_TYPE_UNKNOWN]       = '\0',
        },
        [AKA_SIM_METHOD_HINT_AKA] = {
                [AKA_SIM_ID_TYPE_PERMANENT]     = ID_TAG_AKA_PERMANENT,
                [AKA_SIM_ID_TYPE_PSEUDONYM]     = ID_TAG_AKA_PSEUDONYM,
                [AKA_SIM_ID_TYPE_FASTAUTH]      = ID_TAG_AKA_PERMANENT,
                [AKA_SIM_ID_TYPE_UNKNOWN]       = '\0',
        },
        [AKA_SIM_METHOD_HINT_AKA_PRIME] = {
                [AKA_SIM_ID_TYPE_PERMANENT]     = ID_TAG_AKA_PRIME_PERMANENT,
                [AKA_SIM_ID_TYPE_PSEUDONYM]     = ID_TAG_AKA_PRIME_PSEUDONYM,
                [AKA_SIM_ID_TYPE_FASTAUTH]      = ID_TAG_AKA_PRIME_PERMANENT,
                [AKA_SIM_ID_TYPE_UNKNOWN]       = '\0',
        },
        [AKA_SIM_METHOD_HINT_UNKNOWN] = {
                '\0'    
        }
}

Definition at line 343 of file id.c.

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ us

Function Documentation

◆ fr_aka_sim_3gpp_root_nai_domain_mcc_mnc()

◆ fr_aka_sim_domain()

◆ fr_aka_sim_hint_byte()

◆ fr_aka_sim_id_3gpp_pseudonym_decrypt()

◆ fr_aka_sim_id_3gpp_pseudonym_encrypt()

◆ fr_aka_sim_id_3gpp_pseudonym_key_index()

◆ fr_aka_sim_id_3gpp_pseudonym_tag()

◆ fr_aka_sim_id_to_eap_type()

◆ fr_aka_sim_id_type()

◆ fr_aka_sim_id_user_len()

Variable Documentation

◆ fr_aka_sim_id_method_table

◆ fr_aka_sim_id_method_table_len

◆ fr_aka_sim_id_request_table

◆ fr_aka_sim_id_request_table_len

◆ hint_byte_matrix