The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Data Structures | Typedefs | Functions
state_machine.h File Reference

Declarations for EAP-AKA. More...

#include <freeradius-devel/eap_aka_sim/base.h>
+ Include dependency graph for state_machine.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  eap_aka_sim_actions_t
 Cache sections to call on various protocol events. More...
 
union  eap_aka_sim_actions_t.__unnamed24__
 
struct  eap_aka_sim_actions_t.__unnamed24__.__unnamed26__
 
struct  eap_aka_sim_actions_t.__unnamed24__.__unnamed28__
 
struct  eap_aka_sim_process_conf_t
 
struct  eap_aka_sim_session_s
 

Typedefs

typedef struct eap_aka_sim_session_s eap_aka_sim_session_t
 

Functions

unlang_action_t eap_aka_sim_state_machine_process (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 Resumes the state machine when receiving a new response packet. More...
 

Detailed Description

Declarations for EAP-AKA.

Id
3a0e241a1ad2ebbeffbd682f8c8eca4f076585a7
Author
Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
Copyright
2016-2019 The FreeRADIUS server project
2016-2019 Network RADIUS SAS <legal.com>

Definition in file state_machine.h.

Data Structure Documentation

◆ eap_aka_sim_actions_t

struct eap_aka_sim_actions_t

Cache sections to call on various protocol events.

Definition at line 98 of file state_machine.h.

+ Collaboration diagram for eap_aka_sim_actions_t:
Data Fields
union eap_aka_sim_actions_t __unnamed__
CONF_SECTION * clear_pseudonym Clear pseudonym to permanent ID mapping.
CONF_SECTION * clear_session Clear authentication vectors.
CONF_SECTION * load_pseudonym Resolve a pseudonym to a permanent ID.
CONF_SECTION * load_session Load cached authentication vectors.
CONF_SECTION * recv_common_client_error Called if the supplicant experiences an error of some kind.
CONF_SECTION * recv_common_failure_notification_ack Called when the supplicant ACKs our failure notification.
CONF_SECTION * recv_common_identity_response Called when we receive a new identity.
CONF_SECTION * recv_common_reauthentication_response Process the reauthentication response from the supplicant.
CONF_SECTION * recv_common_success_notification_ack Called when the supplicant ACKs our success notification.
CONF_SECTION * send_common_failure_notification Called when we're about to send a failure notification.
CONF_SECTION * send_common_identity_request Called when we're about to request a different identity.
CONF_SECTION * send_common_reauthentication_request Challenge the supplicant with an MK from an existing session.
CONF_SECTION * send_common_success_notification Called when we're about to send a success notification.
CONF_SECTION * send_eap_failure Called when we send an EAP-Failure message.
CONF_SECTION * send_eap_success Called when we send an EAP-Success message.
CONF_SECTION * store_pseudonym Store a permanent ID to pseudonym mapping.
CONF_SECTION * store_session Store authentication vectors.

◆ eap_aka_sim_actions_t.__unnamed24__

union eap_aka_sim_actions_t.__unnamed24__

Definition at line 99 of file state_machine.h.

Data Fields
__unnamed24__ __unnamed__
__unnamed24__ __unnamed__

◆ eap_aka_sim_actions_t.__unnamed24__.__unnamed26__

struct eap_aka_sim_actions_t.__unnamed24__.__unnamed26__

Definition at line 104 of file state_machine.h.

Data Fields
CONF_SECTION * recv_aka_authentication_reject Called if the supplicant rejects the authentication attempt.
CONF_SECTION * recv_aka_challenge_response Called when we receive a response to a previous challenge.
CONF_SECTION * recv_aka_identity_response Called when we receive a new identity.
CONF_SECTION * recv_aka_synchronization_failure Called if the supplicant determines.

the AUTN value is invalid. Usually used for resyncing with the HLR.

CONF_SECTION * send_aka_challenge_request Called when we're about to send a a challenge.
CONF_SECTION * send_aka_identity_request Called when we're about to request a different identity.

◆ eap_aka_sim_actions_t.__unnamed24__.__unnamed28__

struct eap_aka_sim_actions_t.__unnamed24__.__unnamed28__

Definition at line 126 of file state_machine.h.

Data Fields
CONF_SECTION * recv_sim_challenge_response Called when we receive a response to a previous challenge.
CONF_SECTION * recv_sim_start_response Called when we receive a new identity.
CONF_SECTION * send_sim_challenge_request Called when we're about to send a a challenge.
CONF_SECTION * send_sim_start_request Called when we're about to request a different identity.

◆ eap_aka_sim_process_conf_t

struct eap_aka_sim_process_conf_t

Definition at line 187 of file state_machine.h.

+ Collaboration diagram for eap_aka_sim_process_conf_t:
Data Fields
eap_aka_sim_actions_t actions Pre-compiled virtual server sections.
size_t ephemeral_id_length The length of any identities we're generating.
EVP_MD const * hmac_md The hmac used for validating packets.

EVP_sha1() for EAP-AKA, EVP_sha256() for EAP-AKA'.

char const * network_name Network ID as described by RFC 5448.
bool protected_success Send a success notification as well as and EAP-Success packet.
fr_aka_sim_id_req_type_t request_identity Whether we always request the identity of the subscriber.
bool strip_permanent_identity_hint Control whether the hint byte is stripped when populating Permanent-Identity.
eap_type_t type The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.

◆ eap_aka_sim_session_s

struct eap_aka_sim_session_s

Definition at line 37 of file state_machine.h.

+ Collaboration diagram for eap_aka_sim_session_s:
Data Fields
bool allow_encrypted Whether we can send encrypted attributes at this phase of the attempt.
bool challenge_success Whether we received the correct challenge response.
uint16_t failure_type One of the following values:
  • FR_NOTIFICATION_VALUE_GENERAL_FAILURE_AFTER_AUTHENTICATION
  • FR_NOTIFICATION_VALUE_TEMPORARILY_DENIED
  • FR_NOTIFICATION_VALUE_NOT_SUBSCRIBED
  • FR_NOTIFICATION_VALUE_GENERAL_FAILURE
char * fastauth_sent Fastauth value we sent.
fr_aka_sim_id_req_type_t id_req The type of identity we're requesting.
uint16_t kdf The key derivation function used to derive session keys.
fr_aka_sim_keys_t keys Various EAP-AKA/AKA'/SIMkeys.
fr_aka_sim_id_req_type_t last_id_req The last identity request we sent.
EVP_MD const * mac_md HMAC-MD we use to generate the MAC.

EVP_sha1() for EAP-AKA, EVP_sha256() for EAP-AKA'.

module_method_t next Resumption function to call after executing common code.
bool prev_recv_sync_failure We only allow one sync failure per session for sanity.
char * pseudonym_sent Pseudonym value we sent.
bool reauthentication_success Whether we got a valid reauthentication response.
bool send_result_ind Say that we would like to use protected result indications (AKA-Notification-Success).
module_method_t state The process function to run when we receive the next round of EAP-SIM/AKA/AKA'.
eap_type_t type Either FR_TYPE_AKA, or FR_TYPE_AKA_PRIME.

Typedef Documentation

◆ eap_aka_sim_session_t

typedef struct eap_aka_sim_session_s eap_aka_sim_session_t

Definition at line 1 of file state_machine.h.

Function Documentation

◆ eap_aka_sim_state_machine_process()

unlang_action_t eap_aka_sim_state_machine_process ( rlm_rcode_t p_result,
module_ctx_t const *  mctx,
request_t request 
)

Resumes the state machine when receiving a new response packet.

Definition at line 3690 of file state_machine.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:
Generated by   doxygen 1.9.1