The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
id.h
1#pragma once
2/*
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or (at
6 * your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16 */
17
18/**
19 * @file src/lib/eap_aka_sim/id.h
20 * @brief EAP-SIM/EAP-AKA identity detection, creation, and decryption.
21 *
22 * @copyright 2017 The FreeRADIUS server project
23 */
24#include <sys/types.h>
25#include <freeradius-devel/util/token.h>
26
27#ifdef __cplusplus
28extern "C" {
29#endif
30
31#define AKA_SIM_3GPP_PSEUDONYM_LEN 23U //!< Length of a base64 encoded 3gpp pseudonym, not counting a NUL terminator (fr_aka_sim_id_3gpp_pseudonym_encrypt() declares its output as this +1).
32#define AKA_SIM_IMSI_MAX_LEN 15U //!< Maximum length of an IMSI number in ASCII, not counting a NUL terminator (fr_aka_sim_id_3gpp_pseudonym_decrypt() declares its output as this +1).
33#define AKA_SIM_IMSI_MIN_LEN 14U //!< Minimum length of an IMSI number in ASCII.
34
35/** SIM/AKA method hints
36 *
37 * Derived from processing the provided identity.
38 */
39typedef enum {
40 AKA_SIM_METHOD_HINT_UNKNOWN = 0, //!< We don't know what method the identity hints at.
41 AKA_SIM_METHOD_HINT_SIM, //!< The identity hints the supplicant wants to use
42 ///< EAP-SIM.
43 AKA_SIM_METHOD_HINT_AKA, //!< The identity hints the supplicant wants to use
44 ///< EAP-AKA.
48
49/** SIM/AKA identity type hints
50 *
51 * Derived from processing the provided identity.
52 */
53typedef enum {
54 AKA_SIM_ID_TYPE_UNKNOWN = 0, //!< We don't know what type of identity this is.
55 AKA_SIM_ID_TYPE_PERMANENT, //!< This is a permanent identity (the IMSI of the SIM).
56 AKA_SIM_ID_TYPE_PSEUDONYM, //!< This is a custom pseudonym.
57 AKA_SIM_ID_TYPE_FASTAUTH, //!< This is a fastauth (session-resumption) id.
60
/** SIM/AKA identity tag characters
 *
 * Each value is an ASCII digit that stands for one combination of identity
 * type (permanent, pseudonym, fastauth) and EAP method (SIM, AKA, AKA-Prime).
 *
 * NOTE(review): presumably this is the leading character of the identity the
 * peer sends; if so it is unauthenticated input and only a hint - confirm
 * against the callers in id.c.
 */
61typedef enum {
62 ID_TAG_SIM_PERMANENT = '1', //!< IMSI, and hint that client wants to do EAP-SIM
63 ID_TAG_SIM_PSEUDONYM = '3', //!< Pseudonym, continue EAP-SIM
64 ID_TAG_SIM_FASTAUTH = '5', //!< Fastauth, continue EAP-SIM
65
66 ID_TAG_AKA_PERMANENT = '0', //!< IMSI, and hint that client wants to do EAP-AKA
67 ID_TAG_AKA_PSEUDONYM = '2', //!< Pseudonym, continue EAP-AKA
68 ID_TAG_AKA_FASTAUTH = '4', //!< Fastauth, continue EAP-AKA
69
70 ID_TAG_AKA_PRIME_PERMANENT = '6', //!< IMSI, and hint that client wants to do EAP-AKA-Prime.
71 ID_TAG_AKA_PRIME_PSEUDONYM = '7', //!< Pseudonym, continue EAP-AKA-Prime
72 ID_TAG_AKA_PRIME_FASTAUTH = '8' //!< Fastauth, continue EAP-AKA-Prime
74
75/** Identity request types
76 */
77typedef enum {
78 AKA_SIM_INIT_ID_REQ = 0, //!< We've requested no ID. This is used for last_id_req.
79 AKA_SIM_NO_ID_REQ, //!< We're not requesting any ID.
80 AKA_SIM_ANY_ID_REQ, //!< Request IMSI, Pseudonym or Fast-reauth.
81 AKA_SIM_FULLAUTH_ID_REQ, //!< Request IMSI or Pseudonym.
82 AKA_SIM_PERMANENT_ID_REQ, //!< Request IMSI.
84
89
/*
 * Positions of the pseudonym/fastauth tag characters in the standard base64
 * alphabet ('0' is index 52, so '3' is 55, and so on).
 *
 * NOTE(review): presumably these are the 6-bit values passed as `tag` when
 * building an encrypted pseudonym, so that the encoded string starts with the
 * matching ID_TAG_* character - confirm against id.c.
 */
90#define ID_TAG_SIM_PSEUDONYM_B64 55 //!< Base64 index of '3' (ID_TAG_SIM_PSEUDONYM).
91#define ID_TAG_SIM_FASTAUTH_B64 57 //!< Base64 index of '5' (ID_TAG_SIM_FASTAUTH).
92#define ID_TAG_AKA_PSEUDONYM_B64 54 //!< Base64 index of '2' (ID_TAG_AKA_PSEUDONYM).
93#define ID_TAG_AKA_FASTAUTH_B64 56 //!< Base64 index of '4' (ID_TAG_AKA_FASTAUTH).
94#define ID_TAG_AKA_PRIME_PSEUDONYM_B64 59 //!< Base64 index of '7' (ID_TAG_AKA_PRIME_PSEUDONYM).
95#define ID_TAG_AKA_PRIME_FASTAUTH_B64 60 //!< Base64 index of '8' (ID_TAG_AKA_PRIME_FASTAUTH).
96
97size_t fr_aka_sim_id_user_len(char const *nai, size_t nai_len);
98
99char const *fr_aka_sim_domain(char const *nai, size_t nai_len);
100
102 char const *domain, size_t domain_len);
103
105 char const *id, size_t id_len);
106
108
109eap_type_t fr_aka_sim_id_to_eap_type(char const *id, size_t len);
110
112 char const *imsi, size_t imsi_len,
113 uint8_t tag, uint8_t key_ind, uint8_t const key[16]); // NOTE(review): `key[16]` decays to a pointer, so the 16-byte key length is a caller contract the compiler does not check.
114
116
118
120 char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN], // NOTE(review): the array bound is documentation only (the parameter decays to a pointer); if encr_id comes from a peer-supplied identity, its length must be checked before this call.
121 uint8_t const key[16]); // NOTE(review): likewise, the 16-byte key length is a caller contract the compiler does not check.
122
123#ifdef __cplusplus
124}
125#endif
enum eap_type eap_type_t
int fr_aka_sim_id_3gpp_pseudonym_decrypt(char out[AKA_SIM_IMSI_MAX_LEN+1], char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN], uint8_t const key[16])
Decrypt the 3GPP pseudonym.
Definition id.c:576
ssize_t fr_aka_sim_3gpp_root_nai_domain_mcc_mnc(uint16_t *mnc, uint16_t *mcc, char const *domain, size_t domain_len)
Extract the MCC and MNC from the 3GPP domain.
Definition id.c:97
#define AKA_SIM_IMSI_MAX_LEN
Length of an IMSI number in ASCII.
Definition id.h:32
fr_aka_sim_id_req_type_t
Identity request types.
Definition id.h:77
@ AKA_SIM_INIT_ID_REQ
We've requested no ID. This is used for last_id_req.
Definition id.h:78
@ AKA_SIM_NO_ID_REQ
We're not requesting any ID.
Definition id.h:79
@ AKA_SIM_ANY_ID_REQ
Request IMSI, Pseudonym or Fast-reauth.
Definition id.h:80
@ AKA_SIM_FULLAUTH_ID_REQ
Request IMSI or Pseudonym.
Definition id.h:81
@ AKA_SIM_PERMANENT_ID_REQ
Request IMSI.
Definition id.h:82
fr_table_num_sorted_t const fr_aka_sim_id_method_table[]
Definition id.c:43
fr_aka_sim_id_tag_t
Definition id.h:61
@ ID_TAG_AKA_PERMANENT
IMSI, and hint that client wants to do EAP-AKA.
Definition id.h:66
@ ID_TAG_SIM_PERMANENT
IMSI, and hint that client wants to do EAP-SIM.
Definition id.h:62
@ ID_TAG_AKA_PRIME_FASTAUTH
Fastauth, continue EAP-AKA-Prime.
Definition id.h:72
@ ID_TAG_AKA_FASTAUTH
Fastauth, continue EAP-AKA.
Definition id.h:68
@ ID_TAG_SIM_PSEUDONYM
Pseudonym, continue EAP-SIM.
Definition id.h:63
@ ID_TAG_AKA_PRIME_PSEUDONYM
Pseudonym, continue EAP-AKA-Prime.
Definition id.h:71
@ ID_TAG_AKA_PSEUDONYM
Pseudonym, continue EAP-AKA.
Definition id.h:67
@ ID_TAG_SIM_FASTAUTH
Fastauth, continue EAP-SIM.
Definition id.h:64
@ ID_TAG_AKA_PRIME_PERMANENT
IMSI, and hint that client wants to do EAP-AKA-Prime.
Definition id.h:70
uint8_t fr_aka_sim_id_3gpp_pseudonym_key_index(char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
Return the key index from a 3gpp pseudonym.
Definition id.c:561
size_t fr_aka_sim_id_method_table_len
Definition id.c:48
size_t fr_aka_sim_id_user_len(char const *nai, size_t nai_len)
Find where the identity ends.
Definition id.c:57
fr_aka_sim_method_hint_t
SIM/AKA method hints.
Definition id.h:39
@ AKA_SIM_METHOD_HINT_AKA
The identity hints the supplicant wants to use EAP-AKA.
Definition id.h:43
@ AKA_SIM_METHOD_HINT_SIM
The identity hints the supplicant wants to use EAP-SIM.
Definition id.h:41
@ AKA_SIM_METHOD_HINT_AKA_PRIME
Definition id.h:45
@ AKA_SIM_METHOD_HINT_MAX
Definition id.h:46
@ AKA_SIM_METHOD_HINT_UNKNOWN
We don't know what method the identity hints at.
Definition id.h:40
eap_type_t fr_aka_sim_id_to_eap_type(char const *id, size_t len)
Determine if a given identity is a 3gpp identity, and return the EAP method hinted.
Definition id.c:306
char fr_aka_sim_hint_byte(fr_aka_sim_id_type_t type, fr_aka_sim_method_hint_t method)
Return the expected identity hint for a given type/method combination.
Definition id.c:375
char const * fr_aka_sim_domain(char const *nai, size_t nai_len)
Find where in the NAI string the domain starts.
Definition id.c:75
fr_table_num_sorted_t const fr_aka_sim_id_request_table[]
Definition id.c:33
uint8_t fr_aka_sim_id_3gpp_pseudonym_tag(char const encr_id[AKA_SIM_3GPP_PSEUDONYM_LEN])
Return the tag from a 3gpp pseudonym.
Definition id.c:550
#define AKA_SIM_3GPP_PSEUDONYM_LEN
Length of a base64 encoded 3gpp pseudonym.
Definition id.h:31
size_t fr_aka_sim_id_request_table_len
Definition id.c:41
fr_aka_sim_id_type_t
SIM/AKA identity type hints.
Definition id.h:53
@ AKA_SIM_ID_TYPE_UNKNOWN
We don't know what type of identity this is.
Definition id.h:54
@ AKA_SIM_ID_TYPE_PSEUDONYM
This is a custom pseudonym.
Definition id.h:56
@ AKA_SIM_ID_TYPE_MAX
Definition id.h:58
@ AKA_SIM_ID_TYPE_PERMANENT
This is a permanent identity (the IMSI of the SIM).
Definition id.h:55
@ AKA_SIM_ID_TYPE_FASTAUTH
This is a fastauth (session-resumption) id.
Definition id.h:57
int fr_aka_sim_id_3gpp_pseudonym_encrypt(char out[AKA_SIM_3GPP_PSEUDONYM_LEN+1], char const *imsi, size_t imsi_len, uint8_t tag, uint8_t key_ind, uint8_t const key[16])
Create a 3gpp pseudonym from a permanent ID.
Definition id.c:397
int fr_aka_sim_id_type(fr_aka_sim_id_type_t *type, fr_aka_sim_method_hint_t *hint, char const *id, size_t id_len)
Determine what type of ID was provided in the initial identity response.
Definition id.c:167
unsigned short uint16_t
long int ssize_t
unsigned char uint8_t
fr_aka_sim_id_type_t type
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
static size_t char ** out
Definition value.h:997