The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Macros | Enumerations | Functions | Variables
id.h File Reference

EAP-SIM/EAP-AKA identity detection, creation, and decyption. More...

#include <sys/types.h>
#include <freeradius-devel/util/token.h>
+ Include dependency graph for id.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define AKA_SIM_3GPP_PSEUDONYM_LEN   23U
 Length of a base64 encoded 3gpp pseudonym. More...
 
#define AKA_SIM_IMSI_MAX_LEN   15U
 Length of an IMSI number in ASCII. More...
 
#define AKA_SIM_IMSI_MIN_LEN   14U
 Minimum length of an IMSI number in ASCII. More...
 
#define ID_TAG_AKA_FASTAUTH_B64   56
 
#define ID_TAG_AKA_PRIME_FASTAUTH_B64   60
 
#define ID_TAG_AKA_PRIME_PSEUDONYM_B64   59
 
#define ID_TAG_AKA_PSEUDONYM_B64   54
 
#define ID_TAG_SIM_FASTAUTH_B64   57
 
#define ID_TAG_SIM_PSEUDONYM_B64   55
 

Enumerations

enum  fr_aka_sim_id_req_type_t {
  AKA_SIM_INIT_ID_REQ = 0 ,
  AKA_SIM_NO_ID_REQ ,
  AKA_SIM_ANY_ID_REQ ,
  AKA_SIM_FULLAUTH_ID_REQ ,
  AKA_SIM_PERMANENT_ID_REQ
}
 Identity request types. More...
 
enum  fr_aka_sim_id_tag_t {
  ID_TAG_SIM_PERMANENT = '1' ,
  ID_TAG_SIM_PSEUDONYM = '3' ,
  ID_TAG_SIM_FASTAUTH = '5' ,
  ID_TAG_AKA_PERMANENT = '0' ,
  ID_TAG_AKA_PSEUDONYM = '2' ,
  ID_TAG_AKA_FASTAUTH = '4' ,
  ID_TAG_AKA_PRIME_PERMANENT = '6' ,
  ID_TAG_AKA_PRIME_PSEUDONYM = '7' ,
  ID_TAG_AKA_PRIME_FASTAUTH = '8'
}
 
enum  fr_aka_sim_id_type_t {
  AKA_SIM_ID_TYPE_UNKNOWN = 0 ,
  AKA_SIM_ID_TYPE_PERMANENT ,
  AKA_SIM_ID_TYPE_PSEUDONYM ,
  AKA_SIM_ID_TYPE_FASTAUTH ,
  AKA_SIM_ID_TYPE_MAX
}
 SIM/AKA identity type hints. More...
 
enum  fr_aka_sim_method_hint_t {
  AKA_SIM_METHOD_HINT_UNKNOWN = 0 ,
  AKA_SIM_METHOD_HINT_SIM ,
  AKA_SIM_METHOD_HINT_AKA ,
  AKA_SIM_METHOD_HINT_AKA_PRIME ,
  AKA_SIM_METHOD_HINT_MAX
}
 SIM/AKA method hints. More...
 

Functions

ssize_t fr_aka_sim_3gpp_root_nai_domain_mcc_mnc (uint16_t *mnc, uint16_t *mcc, char const *domain, size_t domain_len)
 Extract the MCC and MCN from the 3GPP domain. More...
 
char const * fr_aka_sim_domain (char const *nai, size_t nai_len)
 Find where in the NAI string the domain starts. More...
 
char fr_aka_sim_hint_byte (fr_aka_sim_id_type_t type, fr_aka_sim_method_hint_t method)
 Return the expected identity hint for a given type/method combination. More...
 
int fr_aka_sim_id_3gpp_pseudonym_decrypt (char out[AKA_SIM_IMSI_MAX_LEN+1], char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN], uint8_t const key[16])
 Decrypt the 3GPP pseudonym. More...
 
int fr_aka_sim_id_3gpp_pseudonym_encrypt (char out[AKA_SIM_3GPP_PSEUDONYM_LEN+1], char const *imsi, size_t imsi_len, uint8_t tag, uint8_t key_ind, uint8_t const key[16])
 Create a 3gpp pseudonym from a permanent ID. More...
 
uint8_t fr_aka_sim_id_3gpp_pseudonym_key_index (char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
 Return the key index from a 3gpp pseudonym. More...
 
uint8_t fr_aka_sim_id_3gpp_pseudonym_tag (char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
 Return the tag from a 3gpp pseudonym. More...
 
eap_type_t fr_aka_sim_id_to_eap_type (char const *id, size_t len)
 Determine if a given identity is a 3gpp identity, and return the EAP method hinted. More...
 
int fr_aka_sim_id_type (fr_aka_sim_id_type_t *type, fr_aka_sim_method_hint_t *hint, char const *id, size_t id_len)
 Determine what type of ID was provided in the initial identity response. More...
 
size_t fr_aka_sim_id_user_len (char const *nai, size_t nai_len)
 Find where the identity ends. More...
 

Variables

fr_table_num_sorted_t const fr_aka_sim_id_method_table []
 
size_t fr_aka_sim_id_method_table_len
 
fr_table_num_sorted_t const fr_aka_sim_id_request_table []
 
size_t fr_aka_sim_id_request_table_len
 

Detailed Description

EAP-SIM/EAP-AKA identity detection, creation, and decyption.

Copyright
2017 The FreeRADIUS server project

Definition in file id.h.

Macro Definition Documentation

◆ AKA_SIM_3GPP_PSEUDONYM_LEN

#define AKA_SIM_3GPP_PSEUDONYM_LEN   23U

Length of a base64 encoded 3gpp pseudonym.

Definition at line 31 of file id.h.

◆ AKA_SIM_IMSI_MAX_LEN

#define AKA_SIM_IMSI_MAX_LEN   15U

Length of an IMSI number in ASCII.

Definition at line 32 of file id.h.

◆ AKA_SIM_IMSI_MIN_LEN

#define AKA_SIM_IMSI_MIN_LEN   14U

Minimum length of an IMSI number in ASCII.

Definition at line 33 of file id.h.

◆ ID_TAG_AKA_FASTAUTH_B64

#define ID_TAG_AKA_FASTAUTH_B64   56

Definition at line 93 of file id.h.

◆ ID_TAG_AKA_PRIME_FASTAUTH_B64

#define ID_TAG_AKA_PRIME_FASTAUTH_B64   60

Definition at line 95 of file id.h.

◆ ID_TAG_AKA_PRIME_PSEUDONYM_B64

#define ID_TAG_AKA_PRIME_PSEUDONYM_B64   59

Definition at line 94 of file id.h.

◆ ID_TAG_AKA_PSEUDONYM_B64

#define ID_TAG_AKA_PSEUDONYM_B64   54

Definition at line 92 of file id.h.

◆ ID_TAG_SIM_FASTAUTH_B64

#define ID_TAG_SIM_FASTAUTH_B64   57

Definition at line 91 of file id.h.

◆ ID_TAG_SIM_PSEUDONYM_B64

#define ID_TAG_SIM_PSEUDONYM_B64   55

Definition at line 90 of file id.h.

Enumeration Type Documentation

◆ fr_aka_sim_id_req_type_t

enum fr_aka_sim_id_req_type_t

Identity request types.

Enumerator
AKA_SIM_INIT_ID_REQ 

We've requested no ID. This is used for last_id_req.

AKA_SIM_NO_ID_REQ 

We're not requesting any ID.

AKA_SIM_ANY_ID_REQ 

Request IMSI, Pseudonym or Fast-reauth.

AKA_SIM_FULLAUTH_ID_REQ 

Request IMSI or Pseudonym.

AKA_SIM_PERMANENT_ID_REQ 

Request IMSI.

Definition at line 77 of file id.h.

◆ fr_aka_sim_id_tag_t

enum fr_aka_sim_id_tag_t
Enumerator
ID_TAG_SIM_PERMANENT 

IMSI, and hint that client wants to do EAP-SIM.

ID_TAG_SIM_PSEUDONYM 

Pseudonym, continue EAP-SIM.

ID_TAG_SIM_FASTAUTH 

Fastauth, continue EAP-SIM.

ID_TAG_AKA_PERMANENT 

IMSI, and hint that client wants to do EAP-AKA.

ID_TAG_AKA_PSEUDONYM 

Pseudonym, continue EAP-AKA.

ID_TAG_AKA_FASTAUTH 

Fastauth, continue EAP-AKA.

ID_TAG_AKA_PRIME_PERMANENT 

IMSI, and hint that client wants to do EAP-AKA-Prime.

ID_TAG_AKA_PRIME_PSEUDONYM 

Pseudonym, continue EAP-AKA-Prime.

ID_TAG_AKA_PRIME_FASTAUTH 

Fastuath, continue EAP-AKA-Prime.

Definition at line 61 of file id.h.

◆ fr_aka_sim_id_type_t

enum fr_aka_sim_id_type_t

SIM/AKA identity type hints.

Derived from the processing the provided identity.

Enumerator
AKA_SIM_ID_TYPE_UNKNOWN 

We don't know what type of identity this is.

AKA_SIM_ID_TYPE_PERMANENT 

This is a permanent identity (the IMSI of the SIM).

AKA_SIM_ID_TYPE_PSEUDONYM 

This is a custom pseudonym.

AKA_SIM_ID_TYPE_FASTAUTH 

This is a fastauth (session-resumption) id.

AKA_SIM_ID_TYPE_MAX 

Definition at line 53 of file id.h.

◆ fr_aka_sim_method_hint_t

enum fr_aka_sim_method_hint_t

SIM/AKA method hints.

Derived from processing the provided identity.

Enumerator
AKA_SIM_METHOD_HINT_UNKNOWN 

We don't know what method the identity hints at.

AKA_SIM_METHOD_HINT_SIM 

The identity hints the supplicant wants to use EAP-SIM.

AKA_SIM_METHOD_HINT_AKA 

The identity hints the supplicant wants to use EAP-AKA.

AKA_SIM_METHOD_HINT_AKA_PRIME 
AKA_SIM_METHOD_HINT_MAX 

Definition at line 39 of file id.h.

Function Documentation

◆ fr_aka_sim_3gpp_root_nai_domain_mcc_mnc()

ssize_t fr_aka_sim_3gpp_root_nai_domain_mcc_mnc ( uint16_t mnc,
uint16_t mcc,
char const *  domain,
size_t  domain_len 
)

Extract the MCC and MCN from the 3GPP domain.

3GPP Root NAI domain format wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org.

Parameters
[out]mncMobile network code.
[out]mccMobile country code.
[in]domainto parse.
[in]domain_lenLength of the domain component.
Returns
  • number of bytes parsed.
  • <= 0 on error - The negative offset of where parsing failed.

Definition at line 97 of file id.c.

+ Here is the caller graph for this function:

◆ fr_aka_sim_domain()

char const* fr_aka_sim_domain ( char const *  nai,
size_t  nai_len 
)

Find where in the NAI string the domain starts.

Parameters
[in]naiwe're attempting to split.
[in]nai_lenThe length of the NAI string.
Returns
  • A pointer to where the domain portion of the domain starts.
  • NULL if there was no @ in the identity.

Definition at line 75 of file id.c.

+ Here is the caller graph for this function:

◆ fr_aka_sim_hint_byte()

char fr_aka_sim_hint_byte ( fr_aka_sim_id_type_t  type,
fr_aka_sim_method_hint_t  method 
)

Return the expected identity hint for a given type/method combination.

Parameters
[in]typeWhether this is a permanent, pseudonym or fastauth ID
[in]methodWhat EAP-Method the identity hints at.
Returns
  • An IMSI tag byte [0-9] (ASCII)
  • '\0' if either the method or type values are unknown.

Definition at line 375 of file id.c.

+ Here is the caller graph for this function:

◆ fr_aka_sim_id_3gpp_pseudonym_decrypt()

int fr_aka_sim_id_3gpp_pseudonym_decrypt ( char  out[AKA_SIM_IMSI_MAX_LEN+1],
char const  encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN],
uint8_t const  key[16] 
)

Decrypt the 3GPP pseudonym.

Parameters
[out]outWhere to write the decypted, uncompressed IMSI.
[in]encr_idto decypt. Will read exactly 23 bytes from the buffer.
[in]keyto use to decrypt the encrypted and compressed IMSI. Must be 128 bits (16 bytes).
Returns
  • 0 on success.
  • -1 if any of the parameters were invalid.

Definition at line 576 of file id.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_aka_sim_id_3gpp_pseudonym_encrypt()

int fr_aka_sim_id_3gpp_pseudonym_encrypt ( char  out[AKA_SIM_3GPP_PSEUDONYM_LEN+1],
char const *  imsi,
size_t  imsi_len,
uint8_t  tag,
uint8_t  key_ind,
uint8_t const  key[16] 
)

Create a 3gpp pseudonym from a permanent ID.

Parameters
[out]outWhere to write the resulting pseudonym, must be a buffer of exactly AKA_SIM_3GPP_PSEUDONYM_LEN + 1 bytes.
[in]imsiPermanent ID to derive pseudonym from. Note: If the IMSI is less than 15 digits it will be rpadded with zeros.
[in]imsi_lenLength of the IMSI. Must be between 1-15.
[in]tagTag value to prepend to the pseudonym. This field is 6 bits (0-63).
[in]key_indKey indicator (or key index), the key number used to produce the encr ID. There may be up to 16 keys in use at any one time. This field is 4 bits (0-15).
[in]keyas described by the 'Security aspects of non-3GPP accesses' document. Must be 128 bits (16 bytes).
Returns
  • 0 on success.
  • -1 if any of the parameters were invalid.

Definition at line 397 of file id.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_aka_sim_id_3gpp_pseudonym_key_index()

uint8_t fr_aka_sim_id_3gpp_pseudonym_key_index ( char const  encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])

Return the key index from a 3gpp pseudonym.

Parameters
[in]encr_idThe 3gpp pseudonym.
Returns
the key index associated with the pseudonym.

Definition at line 561 of file id.c.

◆ fr_aka_sim_id_3gpp_pseudonym_tag()

uint8_t fr_aka_sim_id_3gpp_pseudonym_tag ( char const  encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])

Return the tag from a 3gpp pseudonym.

Parameters
[in]encr_idThe 3gpp pseudonym.
Returns
the tag associated with the pseudonym.

Definition at line 550 of file id.c.

+ Here is the caller graph for this function:

◆ fr_aka_sim_id_to_eap_type()

eap_type_t fr_aka_sim_id_to_eap_type ( char const *  id,
size_t  len 
)

Determine if a given identity is a 3gpp identity, and return the EAP method hinted.

Parameters
[in]idto check.
[in]lenLength of the id.
Returns
  • FR_EAP_METHOD_INVALID if this is not a 3gpp identity.
  • FR_EAP_METHOD_AKA_PRIME if this is an AKA-Prime identity.
  • FR_EAP_METHOD_AKA if this is an AKA identity.
  • FR_EAP_METHOD_SIM if this is a SIM identity.

Definition at line 306 of file id.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_aka_sim_id_type()

int fr_aka_sim_id_type ( fr_aka_sim_id_type_t type,
fr_aka_sim_method_hint_t hint,
char const *  id,
size_t  id_len 
)

Determine what type of ID was provided in the initial identity response.

Parameters
[out]hintWhether this is a hint to do EAP-SIM or EAP-AKA[']:
  • AKA_SIM_METHOD_HINT_AKA_PRIME this ID was generated during an EAP-AKA' exchange or the supplicant hints it wants to perform EAP-AKA'.
  • AKA_SIM_METHOD_HINT_AKA this ID was generated during an EAP-AKA exchange or the supplicant hints it wants to perform EAP-AKA.
  • AKA_SIM_METHOD_HINT_SIM this IS was generated during an EAP-SIM exchange or the supplicant hints it wants to perform EAP-SIM.
  • AKA_SIM_METHOD_HINT_UNKNOWN we don't know what type of authentication generated this ID or which one to start.
[out]typeWhat type of identity this is:
  • AKA_SIM_ID_TYPE_PERMANENT if the ID is an IMSI.
  • AKA_SIM_ID_TYPE_PSEUDONYM if the ID is a freeform pseudonym.
  • AKA_SIM_ID_TYPE_FASTAUTH if the ID is a fastauth identity.
  • AKA_SIM_ID_TYPE_UNKNOWN if we can't determine what sort of ID this is.
[in]idthe NAI string provided.
[in]id_lenthe length of the NAI string.
Returns
  • 0 on success.
  • -1 on failure.

Definition at line 167 of file id.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_aka_sim_id_user_len()

size_t fr_aka_sim_id_user_len ( char const *  nai,
size_t  nai_len 
)

Find where the identity ends.

Parameters
[in]naiwe're attempting to split.
[in]nai_lenThe length of the NAI string.
Returns
  • How long the identity portion of the NAI is.

Definition at line 57 of file id.c.

+ Here is the caller graph for this function:

Variable Documentation

◆ fr_aka_sim_id_method_table

fr_table_num_sorted_t const fr_aka_sim_id_method_table[]
extern

Definition at line 43 of file id.c.

◆ fr_aka_sim_id_method_table_len

size_t fr_aka_sim_id_method_table_len
extern

Definition at line 48 of file id.c.

◆ fr_aka_sim_id_request_table

fr_table_num_sorted_t const fr_aka_sim_id_request_table[]
extern

Definition at line 33 of file id.c.

◆ fr_aka_sim_id_request_table_len

size_t fr_aka_sim_id_request_table_len
extern

Definition at line 41 of file id.c.

Generated by   doxygen 1.9.1