Line data Source code
1 : /*
2 : * hostapd / EAP-SIM database/authenticator gateway
3 : * Copyright (c) 2005-2010, 2012, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : *
8 : * This is an example implementation of the EAP-SIM/AKA database/authentication
9 : * gateway interface that is using an external program as an SS7 gateway to
10 : * GSM/UMTS authentication center (HLR/AuC). hlr_auc_gw is an example
11 : * implementation of such a gateway program. This eap_sim_db.c takes care of
12 : * EAP-SIM/AKA pseudonyms and re-auth identities. It can be used with different
13 : * gateway implementations for HLR/AuC access. Alternatively, it can also be
14 : * completely replaced if the in-memory database of pseudonyms/re-auth
15 : * identities is not suitable for some cases.
16 : */
17 :
18 : #include "includes.h"
19 : #include <sys/un.h>
20 : #ifdef CONFIG_SQLITE
21 : #include <sqlite3.h>
22 : #endif /* CONFIG_SQLITE */
23 :
24 : #include "common.h"
25 : #include "crypto/random.h"
26 : #include "eap_common/eap_sim_common.h"
27 : #include "eap_server/eap_sim_db.h"
28 : #include "eloop.h"
29 :
30 : struct eap_sim_pseudonym {
31 : struct eap_sim_pseudonym *next;
32 : char *permanent; /* permanent username */
33 : char *pseudonym; /* pseudonym username */
34 : };
35 :
36 : struct eap_sim_db_pending {
37 : struct eap_sim_db_pending *next;
38 : char imsi[20];
39 : enum { PENDING, SUCCESS, FAILURE } state;
40 : void *cb_session_ctx;
41 : int aka;
42 : union {
43 : struct {
44 : u8 kc[EAP_SIM_MAX_CHAL][EAP_SIM_KC_LEN];
45 : u8 sres[EAP_SIM_MAX_CHAL][EAP_SIM_SRES_LEN];
46 : u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN];
47 : int num_chal;
48 : } sim;
49 : struct {
50 : u8 rand[EAP_AKA_RAND_LEN];
51 : u8 autn[EAP_AKA_AUTN_LEN];
52 : u8 ik[EAP_AKA_IK_LEN];
53 : u8 ck[EAP_AKA_CK_LEN];
54 : u8 res[EAP_AKA_RES_MAX_LEN];
55 : size_t res_len;
56 : } aka;
57 : } u;
58 : };
59 :
60 : struct eap_sim_db_data {
61 : int sock;
62 : char *fname;
63 : char *local_sock;
64 : void (*get_complete_cb)(void *ctx, void *session_ctx);
65 : void *ctx;
66 : struct eap_sim_pseudonym *pseudonyms;
67 : struct eap_sim_reauth *reauths;
68 : struct eap_sim_db_pending *pending;
69 : #ifdef CONFIG_SQLITE
70 : sqlite3 *sqlite_db;
71 : char db_tmp_identity[100];
72 : char db_tmp_pseudonym_str[100];
73 : struct eap_sim_pseudonym db_tmp_pseudonym;
74 : struct eap_sim_reauth db_tmp_reauth;
75 : #endif /* CONFIG_SQLITE */
76 : };
77 :
78 :
79 : #ifdef CONFIG_SQLITE
80 :
81 2 : static int db_table_exists(sqlite3 *db, const char *name)
82 : {
83 : char cmd[128];
84 2 : os_snprintf(cmd, sizeof(cmd), "SELECT 1 FROM %s;", name);
85 2 : return sqlite3_exec(db, cmd, NULL, NULL, NULL) == SQLITE_OK;
86 : }
87 :
88 :
89 1 : static int db_table_create_pseudonym(sqlite3 *db)
90 : {
91 1 : char *err = NULL;
92 1 : const char *sql =
93 : "CREATE TABLE pseudonyms("
94 : " permanent CHAR(21) PRIMARY KEY,"
95 : " pseudonym CHAR(21) NOT NULL"
96 : ");";
97 :
98 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Adding database table for "
99 : "pseudonym information");
100 1 : if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
101 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
102 0 : sqlite3_free(err);
103 0 : return -1;
104 : }
105 :
106 1 : return 0;
107 : }
108 :
109 :
110 1 : static int db_table_create_reauth(sqlite3 *db)
111 : {
112 1 : char *err = NULL;
113 1 : const char *sql =
114 : "CREATE TABLE reauth("
115 : " permanent CHAR(21) PRIMARY KEY,"
116 : " reauth_id CHAR(21) NOT NULL,"
117 : " counter INTEGER,"
118 : " mk CHAR(40),"
119 : " k_encr CHAR(32),"
120 : " k_aut CHAR(64),"
121 : " k_re CHAR(64)"
122 : ");";
123 :
124 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Adding database table for "
125 : "reauth information");
126 1 : if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
127 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
128 0 : sqlite3_free(err);
129 0 : return -1;
130 : }
131 :
132 1 : return 0;
133 : }
134 :
135 :
136 1 : static sqlite3 * db_open(const char *db_file)
137 : {
138 : sqlite3 *db;
139 :
140 1 : if (sqlite3_open(db_file, &db)) {
141 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: Failed to open database "
142 : "%s: %s", db_file, sqlite3_errmsg(db));
143 0 : sqlite3_close(db);
144 0 : return NULL;
145 : }
146 :
147 2 : if (!db_table_exists(db, "pseudonyms") &&
148 1 : db_table_create_pseudonym(db) < 0) {
149 0 : sqlite3_close(db);
150 0 : return NULL;
151 : }
152 :
153 2 : if (!db_table_exists(db, "reauth") &&
154 1 : db_table_create_reauth(db) < 0) {
155 0 : sqlite3_close(db);
156 0 : return NULL;
157 : }
158 :
159 1 : return db;
160 : }
161 :
162 :
163 121 : static int valid_db_string(const char *str)
164 : {
165 121 : const char *pos = str;
166 2558 : while (*pos) {
167 2931 : if ((*pos < '0' || *pos > '9') &&
168 1230 : (*pos < 'a' || *pos > 'f'))
169 0 : return 0;
170 2316 : pos++;
171 : }
172 121 : return 1;
173 : }
174 :
175 :
176 18 : static int db_add_pseudonym(struct eap_sim_db_data *data,
177 : const char *permanent, char *pseudonym)
178 : {
179 : char cmd[128];
180 18 : char *err = NULL;
181 :
182 18 : if (!valid_db_string(permanent) || !valid_db_string(pseudonym)) {
183 0 : os_free(pseudonym);
184 0 : return -1;
185 : }
186 :
187 18 : os_snprintf(cmd, sizeof(cmd), "INSERT OR REPLACE INTO pseudonyms "
188 : "(permanent, pseudonym) VALUES ('%s', '%s');",
189 : permanent, pseudonym);
190 18 : os_free(pseudonym);
191 18 : if (sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, &err) != SQLITE_OK)
192 : {
193 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
194 0 : sqlite3_free(err);
195 0 : return -1;
196 : }
197 :
198 18 : return 0;
199 : }
200 :
201 :
202 6 : static int get_pseudonym_cb(void *ctx, int argc, char *argv[], char *col[])
203 : {
204 6 : struct eap_sim_db_data *data = ctx;
205 : int i;
206 :
207 12 : for (i = 0; i < argc; i++) {
208 6 : if (os_strcmp(col[i], "permanent") == 0 && argv[i]) {
209 6 : os_strlcpy(data->db_tmp_identity, argv[i],
210 : sizeof(data->db_tmp_identity));
211 : }
212 : }
213 :
214 6 : return 0;
215 : }
216 :
217 :
218 : static char *
219 9 : db_get_pseudonym(struct eap_sim_db_data *data, const char *pseudonym)
220 : {
221 : char cmd[128];
222 :
223 9 : if (!valid_db_string(pseudonym))
224 0 : return NULL;
225 9 : os_memset(&data->db_tmp_identity, 0, sizeof(data->db_tmp_identity));
226 9 : os_snprintf(cmd, sizeof(cmd),
227 : "SELECT permanent FROM pseudonyms WHERE pseudonym='%s';",
228 : pseudonym);
229 9 : if (sqlite3_exec(data->sqlite_db, cmd, get_pseudonym_cb, data, NULL) !=
230 : SQLITE_OK)
231 0 : return NULL;
232 9 : if (data->db_tmp_identity[0] == '\0')
233 3 : return NULL;
234 6 : return data->db_tmp_identity;
235 : }
236 :
237 :
238 24 : static int db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
239 : char *reauth_id, u16 counter, const u8 *mk,
240 : const u8 *k_encr, const u8 *k_aut, const u8 *k_re)
241 : {
242 : char cmd[2000], *pos, *end;
243 24 : char *err = NULL;
244 :
245 24 : if (!valid_db_string(permanent) || !valid_db_string(reauth_id)) {
246 0 : os_free(reauth_id);
247 0 : return -1;
248 : }
249 :
250 24 : pos = cmd;
251 24 : end = pos + sizeof(cmd);
252 24 : pos += os_snprintf(pos, end - pos, "INSERT OR REPLACE INTO reauth "
253 : "(permanent, reauth_id, counter%s%s%s%s) "
254 : "VALUES ('%s', '%s', %u",
255 : mk ? ", mk" : "",
256 : k_encr ? ", k_encr" : "",
257 : k_aut ? ", k_aut" : "",
258 : k_re ? ", k_re" : "",
259 : permanent, reauth_id, counter);
260 24 : os_free(reauth_id);
261 :
262 24 : if (mk) {
263 16 : pos += os_snprintf(pos, end - pos, ", '");
264 16 : pos += wpa_snprintf_hex(pos, end - pos, mk, EAP_SIM_MK_LEN);
265 16 : pos += os_snprintf(pos, end - pos, "'");
266 : }
267 :
268 24 : if (k_encr) {
269 8 : pos += os_snprintf(pos, end - pos, ", '");
270 8 : pos += wpa_snprintf_hex(pos, end - pos, k_encr,
271 : EAP_SIM_K_ENCR_LEN);
272 8 : pos += os_snprintf(pos, end - pos, "'");
273 : }
274 :
275 24 : if (k_aut) {
276 8 : pos += os_snprintf(pos, end - pos, ", '");
277 8 : pos += wpa_snprintf_hex(pos, end - pos, k_aut,
278 : EAP_AKA_PRIME_K_AUT_LEN);
279 8 : pos += os_snprintf(pos, end - pos, "'");
280 : }
281 :
282 24 : if (k_re) {
283 8 : pos += os_snprintf(pos, end - pos, ", '");
284 8 : pos += wpa_snprintf_hex(pos, end - pos, k_re,
285 : EAP_AKA_PRIME_K_RE_LEN);
286 8 : pos += os_snprintf(pos, end - pos, "'");
287 : }
288 :
289 24 : os_snprintf(pos, end - pos, ");");
290 :
291 24 : if (sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, &err) != SQLITE_OK)
292 : {
293 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
294 0 : sqlite3_free(err);
295 0 : return -1;
296 : }
297 :
298 24 : return 0;
299 : }
300 :
301 :
302 15 : static int get_reauth_cb(void *ctx, int argc, char *argv[], char *col[])
303 : {
304 15 : struct eap_sim_db_data *data = ctx;
305 : int i;
306 15 : struct eap_sim_reauth *reauth = &data->db_tmp_reauth;
307 :
308 120 : for (i = 0; i < argc; i++) {
309 105 : if (os_strcmp(col[i], "permanent") == 0 && argv[i]) {
310 15 : os_strlcpy(data->db_tmp_identity, argv[i],
311 : sizeof(data->db_tmp_identity));
312 15 : reauth->permanent = data->db_tmp_identity;
313 90 : } else if (os_strcmp(col[i], "counter") == 0 && argv[i]) {
314 15 : reauth->counter = atoi(argv[i]);
315 75 : } else if (os_strcmp(col[i], "mk") == 0 && argv[i]) {
316 10 : hexstr2bin(argv[i], reauth->mk, sizeof(reauth->mk));
317 65 : } else if (os_strcmp(col[i], "k_encr") == 0 && argv[i]) {
318 5 : hexstr2bin(argv[i], reauth->k_encr,
319 : sizeof(reauth->k_encr));
320 60 : } else if (os_strcmp(col[i], "k_aut") == 0 && argv[i]) {
321 5 : hexstr2bin(argv[i], reauth->k_aut,
322 : sizeof(reauth->k_aut));
323 55 : } else if (os_strcmp(col[i], "k_re") == 0 && argv[i]) {
324 5 : hexstr2bin(argv[i], reauth->k_re,
325 : sizeof(reauth->k_re));
326 : }
327 : }
328 :
329 15 : return 0;
330 : }
331 :
332 :
333 : static struct eap_sim_reauth *
334 25 : db_get_reauth(struct eap_sim_db_data *data, const char *reauth_id)
335 : {
336 : char cmd[256];
337 :
338 25 : if (!valid_db_string(reauth_id))
339 0 : return NULL;
340 25 : os_memset(&data->db_tmp_reauth, 0, sizeof(data->db_tmp_reauth));
341 25 : os_strlcpy(data->db_tmp_pseudonym_str, reauth_id,
342 : sizeof(data->db_tmp_pseudonym_str));
343 25 : data->db_tmp_reauth.reauth_id = data->db_tmp_pseudonym_str;
344 25 : os_snprintf(cmd, sizeof(cmd),
345 : "SELECT * FROM reauth WHERE reauth_id='%s';", reauth_id);
346 25 : if (sqlite3_exec(data->sqlite_db, cmd, get_reauth_cb, data, NULL) !=
347 : SQLITE_OK)
348 0 : return NULL;
349 25 : if (data->db_tmp_reauth.permanent == NULL)
350 10 : return NULL;
351 15 : return &data->db_tmp_reauth;
352 : }
353 :
354 :
355 3 : static void db_remove_reauth(struct eap_sim_db_data *data,
356 : struct eap_sim_reauth *reauth)
357 : {
358 : char cmd[256];
359 :
360 3 : if (!valid_db_string(reauth->permanent))
361 3 : return;
362 3 : os_snprintf(cmd, sizeof(cmd),
363 : "DELETE FROM reauth WHERE permanent='%s';",
364 : reauth->permanent);
365 3 : sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, NULL);
366 : }
367 :
368 : #endif /* CONFIG_SQLITE */
369 :
370 :
371 : static struct eap_sim_db_pending *
372 153 : eap_sim_db_get_pending(struct eap_sim_db_data *data, const char *imsi, int aka)
373 : {
374 153 : struct eap_sim_db_pending *entry, *prev = NULL;
375 :
376 153 : entry = data->pending;
377 306 : while (entry) {
378 102 : if (entry->aka == aka && os_strcmp(entry->imsi, imsi) == 0) {
379 102 : if (prev)
380 0 : prev->next = entry->next;
381 : else
382 102 : data->pending = entry->next;
383 102 : break;
384 : }
385 0 : prev = entry;
386 0 : entry = entry->next;
387 : }
388 153 : return entry;
389 : }
390 :
391 :
392 102 : static void eap_sim_db_add_pending(struct eap_sim_db_data *data,
393 : struct eap_sim_db_pending *entry)
394 : {
395 102 : entry->next = data->pending;
396 102 : data->pending = entry;
397 102 : }
398 :
399 :
400 21 : static void eap_sim_db_sim_resp_auth(struct eap_sim_db_data *data,
401 : const char *imsi, char *buf)
402 : {
403 : char *start, *end, *pos;
404 : struct eap_sim_db_pending *entry;
405 : int num_chal;
406 :
407 : /*
408 : * SIM-RESP-AUTH <IMSI> Kc(i):SRES(i):RAND(i) ...
409 : * SIM-RESP-AUTH <IMSI> FAILURE
410 : * (IMSI = ASCII string, Kc/SRES/RAND = hex string)
411 : */
412 :
413 21 : entry = eap_sim_db_get_pending(data, imsi, 0);
414 21 : if (entry == NULL) {
415 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the "
416 : "received message found");
417 0 : return;
418 : }
419 :
420 21 : start = buf;
421 21 : if (os_strncmp(start, "FAILURE", 7) == 0) {
422 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported "
423 : "failure");
424 1 : entry->state = FAILURE;
425 1 : eap_sim_db_add_pending(data, entry);
426 1 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
427 1 : return;
428 : }
429 :
430 20 : num_chal = 0;
431 80 : while (num_chal < EAP_SIM_MAX_CHAL) {
432 60 : end = os_strchr(start, ' ');
433 60 : if (end)
434 40 : *end = '\0';
435 :
436 60 : pos = os_strchr(start, ':');
437 60 : if (pos == NULL)
438 0 : goto parse_fail;
439 60 : *pos = '\0';
440 60 : if (hexstr2bin(start, entry->u.sim.kc[num_chal],
441 : EAP_SIM_KC_LEN))
442 0 : goto parse_fail;
443 :
444 60 : start = pos + 1;
445 60 : pos = os_strchr(start, ':');
446 60 : if (pos == NULL)
447 0 : goto parse_fail;
448 60 : *pos = '\0';
449 60 : if (hexstr2bin(start, entry->u.sim.sres[num_chal],
450 : EAP_SIM_SRES_LEN))
451 0 : goto parse_fail;
452 :
453 60 : start = pos + 1;
454 60 : if (hexstr2bin(start, entry->u.sim.rand[num_chal],
455 : GSM_RAND_LEN))
456 0 : goto parse_fail;
457 :
458 60 : num_chal++;
459 60 : if (end == NULL)
460 20 : break;
461 : else
462 40 : start = end + 1;
463 : }
464 20 : entry->u.sim.num_chal = num_chal;
465 :
466 20 : entry->state = SUCCESS;
467 20 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed "
468 : "successfully - callback");
469 20 : eap_sim_db_add_pending(data, entry);
470 20 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
471 20 : return;
472 :
473 : parse_fail:
474 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
475 0 : os_free(entry);
476 : }
477 :
478 :
479 30 : static void eap_sim_db_aka_resp_auth(struct eap_sim_db_data *data,
480 : const char *imsi, char *buf)
481 : {
482 : char *start, *end;
483 : struct eap_sim_db_pending *entry;
484 :
485 : /*
486 : * AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES>
487 : * AKA-RESP-AUTH <IMSI> FAILURE
488 : * (IMSI = ASCII string, RAND/AUTN/IK/CK/RES = hex string)
489 : */
490 :
491 30 : entry = eap_sim_db_get_pending(data, imsi, 1);
492 30 : if (entry == NULL) {
493 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the "
494 : "received message found");
495 0 : return;
496 : }
497 :
498 30 : start = buf;
499 30 : if (os_strncmp(start, "FAILURE", 7) == 0) {
500 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported "
501 : "failure");
502 0 : entry->state = FAILURE;
503 0 : eap_sim_db_add_pending(data, entry);
504 0 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
505 0 : return;
506 : }
507 :
508 30 : end = os_strchr(start, ' ');
509 30 : if (end == NULL)
510 0 : goto parse_fail;
511 30 : *end = '\0';
512 30 : if (hexstr2bin(start, entry->u.aka.rand, EAP_AKA_RAND_LEN))
513 0 : goto parse_fail;
514 :
515 30 : start = end + 1;
516 30 : end = os_strchr(start, ' ');
517 30 : if (end == NULL)
518 0 : goto parse_fail;
519 30 : *end = '\0';
520 30 : if (hexstr2bin(start, entry->u.aka.autn, EAP_AKA_AUTN_LEN))
521 0 : goto parse_fail;
522 :
523 30 : start = end + 1;
524 30 : end = os_strchr(start, ' ');
525 30 : if (end == NULL)
526 0 : goto parse_fail;
527 30 : *end = '\0';
528 30 : if (hexstr2bin(start, entry->u.aka.ik, EAP_AKA_IK_LEN))
529 0 : goto parse_fail;
530 :
531 30 : start = end + 1;
532 30 : end = os_strchr(start, ' ');
533 30 : if (end == NULL)
534 0 : goto parse_fail;
535 30 : *end = '\0';
536 30 : if (hexstr2bin(start, entry->u.aka.ck, EAP_AKA_CK_LEN))
537 0 : goto parse_fail;
538 :
539 30 : start = end + 1;
540 30 : end = os_strchr(start, ' ');
541 30 : if (end)
542 0 : *end = '\0';
543 : else {
544 30 : end = start;
545 540 : while (*end)
546 480 : end++;
547 : }
548 30 : entry->u.aka.res_len = (end - start) / 2;
549 30 : if (entry->u.aka.res_len > EAP_AKA_RES_MAX_LEN) {
550 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Too long RES");
551 0 : entry->u.aka.res_len = 0;
552 0 : goto parse_fail;
553 : }
554 30 : if (hexstr2bin(start, entry->u.aka.res, entry->u.aka.res_len))
555 0 : goto parse_fail;
556 :
557 30 : entry->state = SUCCESS;
558 30 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed "
559 : "successfully - callback");
560 30 : eap_sim_db_add_pending(data, entry);
561 30 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
562 30 : return;
563 :
564 : parse_fail:
565 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
566 0 : os_free(entry);
567 : }
568 :
569 :
570 51 : static void eap_sim_db_receive(int sock, void *eloop_ctx, void *sock_ctx)
571 : {
572 51 : struct eap_sim_db_data *data = eloop_ctx;
573 : char buf[1000], *pos, *cmd, *imsi;
574 : int res;
575 :
576 51 : res = recv(sock, buf, sizeof(buf), 0);
577 51 : if (res < 0)
578 51 : return;
579 51 : wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-SIM DB: Received from an "
580 : "external source", (u8 *) buf, res);
581 51 : if (res == 0)
582 0 : return;
583 51 : if (res >= (int) sizeof(buf))
584 0 : res = sizeof(buf) - 1;
585 51 : buf[res] = '\0';
586 :
587 51 : if (data->get_complete_cb == NULL) {
588 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: No get_complete_cb "
589 : "registered");
590 0 : return;
591 : }
592 :
593 : /* <cmd> <IMSI> ... */
594 :
595 51 : cmd = buf;
596 51 : pos = os_strchr(cmd, ' ');
597 51 : if (pos == NULL)
598 0 : goto parse_fail;
599 51 : *pos = '\0';
600 51 : imsi = pos + 1;
601 51 : pos = os_strchr(imsi, ' ');
602 51 : if (pos == NULL)
603 0 : goto parse_fail;
604 51 : *pos = '\0';
605 51 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External response=%s for IMSI %s",
606 : cmd, imsi);
607 :
608 51 : if (os_strcmp(cmd, "SIM-RESP-AUTH") == 0)
609 21 : eap_sim_db_sim_resp_auth(data, imsi, pos + 1);
610 30 : else if (os_strcmp(cmd, "AKA-RESP-AUTH") == 0)
611 30 : eap_sim_db_aka_resp_auth(data, imsi, pos + 1);
612 : else
613 0 : wpa_printf(MSG_INFO, "EAP-SIM DB: Unknown external response "
614 : "'%s'", cmd);
615 51 : return;
616 :
617 : parse_fail:
618 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
619 : }
620 :
621 :
622 3 : static int eap_sim_db_open_socket(struct eap_sim_db_data *data)
623 : {
624 : struct sockaddr_un addr;
625 : static int counter = 0;
626 :
627 3 : if (os_strncmp(data->fname, "unix:", 5) != 0)
628 0 : return -1;
629 :
630 3 : data->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
631 3 : if (data->sock < 0) {
632 0 : wpa_printf(MSG_INFO, "socket(eap_sim_db): %s", strerror(errno));
633 0 : return -1;
634 : }
635 :
636 3 : os_memset(&addr, 0, sizeof(addr));
637 3 : addr.sun_family = AF_UNIX;
638 3 : os_snprintf(addr.sun_path, sizeof(addr.sun_path),
639 : "/tmp/eap_sim_db_%d-%d", getpid(), counter++);
640 3 : os_free(data->local_sock);
641 3 : data->local_sock = os_strdup(addr.sun_path);
642 3 : if (data->local_sock == NULL) {
643 0 : close(data->sock);
644 0 : data->sock = -1;
645 0 : return -1;
646 : }
647 3 : if (bind(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
648 0 : wpa_printf(MSG_INFO, "bind(eap_sim_db): %s", strerror(errno));
649 0 : close(data->sock);
650 0 : data->sock = -1;
651 0 : return -1;
652 : }
653 :
654 3 : os_memset(&addr, 0, sizeof(addr));
655 3 : addr.sun_family = AF_UNIX;
656 3 : os_strlcpy(addr.sun_path, data->fname + 5, sizeof(addr.sun_path));
657 3 : if (connect(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
658 0 : wpa_printf(MSG_INFO, "connect(eap_sim_db): %s",
659 0 : strerror(errno));
660 0 : wpa_hexdump_ascii(MSG_INFO, "HLR/AuC GW socket",
661 : (u8 *) addr.sun_path,
662 : os_strlen(addr.sun_path));
663 0 : close(data->sock);
664 0 : data->sock = -1;
665 0 : unlink(data->local_sock);
666 0 : os_free(data->local_sock);
667 0 : data->local_sock = NULL;
668 0 : return -1;
669 : }
670 :
671 3 : eloop_register_read_sock(data->sock, eap_sim_db_receive, data, NULL);
672 :
673 3 : return 0;
674 : }
675 :
676 :
677 3 : static void eap_sim_db_close_socket(struct eap_sim_db_data *data)
678 : {
679 3 : if (data->sock >= 0) {
680 3 : eloop_unregister_read_sock(data->sock);
681 3 : close(data->sock);
682 3 : data->sock = -1;
683 : }
684 3 : if (data->local_sock) {
685 3 : unlink(data->local_sock);
686 3 : os_free(data->local_sock);
687 3 : data->local_sock = NULL;
688 : }
689 3 : }
690 :
691 :
692 : /**
693 : * eap_sim_db_init - Initialize EAP-SIM DB / authentication gateway interface
694 : * @config: Configuration data (e.g., file name)
695 : * @get_complete_cb: Callback function for reporting availability of triplets
696 : * @ctx: Context pointer for get_complete_cb
697 : * Returns: Pointer to a private data structure or %NULL on failure
698 : */
699 : struct eap_sim_db_data *
700 3 : eap_sim_db_init(const char *config,
701 : void (*get_complete_cb)(void *ctx, void *session_ctx),
702 : void *ctx)
703 : {
704 : struct eap_sim_db_data *data;
705 : char *pos;
706 :
707 3 : data = os_zalloc(sizeof(*data));
708 3 : if (data == NULL)
709 0 : return NULL;
710 :
711 3 : data->sock = -1;
712 3 : data->get_complete_cb = get_complete_cb;
713 3 : data->ctx = ctx;
714 3 : data->fname = os_strdup(config);
715 3 : if (data->fname == NULL)
716 0 : goto fail;
717 3 : pos = os_strstr(data->fname, " db=");
718 3 : if (pos) {
719 1 : *pos = '\0';
720 : #ifdef CONFIG_SQLITE
721 1 : pos += 4;
722 1 : data->sqlite_db = db_open(pos);
723 1 : if (data->sqlite_db == NULL)
724 0 : goto fail;
725 : #endif /* CONFIG_SQLITE */
726 : }
727 :
728 3 : if (os_strncmp(data->fname, "unix:", 5) == 0) {
729 3 : if (eap_sim_db_open_socket(data)) {
730 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External database "
731 : "connection not available - will retry "
732 : "later");
733 : }
734 : }
735 :
736 3 : return data;
737 :
738 : fail:
739 0 : eap_sim_db_close_socket(data);
740 0 : os_free(data->fname);
741 0 : os_free(data);
742 0 : return NULL;
743 : }
744 :
745 :
746 9 : static void eap_sim_db_free_pseudonym(struct eap_sim_pseudonym *p)
747 : {
748 9 : os_free(p->permanent);
749 9 : os_free(p->pseudonym);
750 9 : os_free(p);
751 9 : }
752 :
753 :
754 9 : static void eap_sim_db_free_reauth(struct eap_sim_reauth *r)
755 : {
756 9 : os_free(r->permanent);
757 9 : os_free(r->reauth_id);
758 9 : os_free(r);
759 9 : }
760 :
761 :
762 : /**
763 : * eap_sim_db_deinit - Deinitialize EAP-SIM DB/authentication gw interface
764 : * @priv: Private data pointer from eap_sim_db_init()
765 : */
766 3 : void eap_sim_db_deinit(void *priv)
767 : {
768 3 : struct eap_sim_db_data *data = priv;
769 : struct eap_sim_pseudonym *p, *prev;
770 : struct eap_sim_reauth *r, *prevr;
771 : struct eap_sim_db_pending *pending, *prev_pending;
772 :
773 : #ifdef CONFIG_SQLITE
774 3 : if (data->sqlite_db) {
775 1 : sqlite3_close(data->sqlite_db);
776 1 : data->sqlite_db = NULL;
777 : }
778 : #endif /* CONFIG_SQLITE */
779 :
780 3 : eap_sim_db_close_socket(data);
781 3 : os_free(data->fname);
782 :
783 3 : p = data->pseudonyms;
784 15 : while (p) {
785 9 : prev = p;
786 9 : p = p->next;
787 9 : eap_sim_db_free_pseudonym(prev);
788 : }
789 :
790 3 : r = data->reauths;
791 15 : while (r) {
792 9 : prevr = r;
793 9 : r = r->next;
794 9 : eap_sim_db_free_reauth(prevr);
795 : }
796 :
797 3 : pending = data->pending;
798 6 : while (pending) {
799 0 : prev_pending = pending;
800 0 : pending = pending->next;
801 0 : os_free(prev_pending);
802 : }
803 :
804 3 : os_free(data);
805 3 : }
806 :
807 :
808 52 : static int eap_sim_db_send(struct eap_sim_db_data *data, const char *msg,
809 : size_t len)
810 : {
811 52 : int _errno = 0;
812 :
813 52 : if (send(data->sock, msg, len, 0) < 0) {
814 0 : _errno = errno;
815 0 : wpa_printf(MSG_INFO, "send[EAP-SIM DB UNIX]: %s",
816 0 : strerror(errno));
817 : }
818 :
819 52 : if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL ||
820 : _errno == ECONNREFUSED) {
821 : /* Try to reconnect */
822 0 : eap_sim_db_close_socket(data);
823 0 : if (eap_sim_db_open_socket(data) < 0)
824 0 : return -1;
825 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Reconnected to the "
826 : "external server");
827 0 : if (send(data->sock, msg, len, 0) < 0) {
828 0 : wpa_printf(MSG_INFO, "send[EAP-SIM DB UNIX]: %s",
829 0 : strerror(errno));
830 0 : return -1;
831 : }
832 : }
833 :
834 52 : return 0;
835 : }
836 :
837 :
838 51 : static void eap_sim_db_expire_pending(struct eap_sim_db_data *data)
839 : {
840 : /* TODO: add limit for maximum length for pending list; remove latest
841 : * (i.e., last) entry from the list if the limit is reached; could also
842 : * use timeout to expire pending entries */
843 51 : }
844 :
845 :
846 : /**
847 : * eap_sim_db_get_gsm_triplets - Get GSM triplets
848 : * @data: Private data pointer from eap_sim_db_init()
849 : * @username: Permanent username (prefix | IMSI)
850 : * @max_chal: Maximum number of triplets
851 : * @_rand: Buffer for RAND values
852 : * @kc: Buffer for Kc values
853 : * @sres: Buffer for SRES values
854 : * @cb_session_ctx: Session callback context for get_complete_cb()
855 : * Returns: Number of triplets received (has to be less than or equal to
856 : * max_chal), -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not found), or
857 : * -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this case, the
858 : * callback function registered with eap_sim_db_init() will be called once the
859 : * results become available.
860 : *
861 : * When using an external server for GSM triplets, this function can always
862 : * start a request and return EAP_SIM_DB_PENDING immediately if authentication
863 : * triplets are not available. Once the triplets are received, callback
864 : * function registered with eap_sim_db_init() is called to notify EAP state
865 : * machine to reprocess the message. This eap_sim_db_get_gsm_triplets()
866 : * function will then be called again and the newly received triplets will then
867 : * be given to the caller.
868 : */
869 42 : int eap_sim_db_get_gsm_triplets(struct eap_sim_db_data *data,
870 : const char *username, int max_chal,
871 : u8 *_rand, u8 *kc, u8 *sres,
872 : void *cb_session_ctx)
873 : {
874 : struct eap_sim_db_pending *entry;
875 : int len, ret;
876 : char msg[40];
877 : const char *imsi;
878 : size_t imsi_len;
879 :
880 84 : if (username == NULL || username[0] != EAP_SIM_PERMANENT_PREFIX ||
881 84 : username[1] == '\0' || os_strlen(username) > sizeof(entry->imsi)) {
882 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
883 : username);
884 0 : return EAP_SIM_DB_FAILURE;
885 : }
886 42 : imsi = username + 1;
887 42 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get GSM triplets for IMSI '%s'",
888 : imsi);
889 :
890 42 : entry = eap_sim_db_get_pending(data, imsi, 0);
891 42 : if (entry) {
892 : int num_chal;
893 21 : if (entry->state == FAILURE) {
894 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
895 : "failure");
896 1 : os_free(entry);
897 1 : return EAP_SIM_DB_FAILURE;
898 : }
899 :
900 20 : if (entry->state == PENDING) {
901 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
902 : "still pending");
903 0 : eap_sim_db_add_pending(data, entry);
904 0 : return EAP_SIM_DB_PENDING;
905 : }
906 :
907 20 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
908 : "%d challenges", entry->u.sim.num_chal);
909 20 : num_chal = entry->u.sim.num_chal;
910 20 : if (num_chal > max_chal)
911 0 : num_chal = max_chal;
912 20 : os_memcpy(_rand, entry->u.sim.rand, num_chal * GSM_RAND_LEN);
913 20 : os_memcpy(sres, entry->u.sim.sres,
914 : num_chal * EAP_SIM_SRES_LEN);
915 20 : os_memcpy(kc, entry->u.sim.kc, num_chal * EAP_SIM_KC_LEN);
916 20 : os_free(entry);
917 20 : return num_chal;
918 : }
919 :
920 21 : if (data->sock < 0) {
921 0 : if (eap_sim_db_open_socket(data) < 0)
922 0 : return EAP_SIM_DB_FAILURE;
923 : }
924 :
925 21 : imsi_len = os_strlen(imsi);
926 21 : len = os_snprintf(msg, sizeof(msg), "SIM-REQ-AUTH ");
927 21 : if (len < 0 || len + imsi_len >= sizeof(msg))
928 0 : return EAP_SIM_DB_FAILURE;
929 21 : os_memcpy(msg + len, imsi, imsi_len);
930 21 : len += imsi_len;
931 21 : ret = os_snprintf(msg + len, sizeof(msg) - len, " %d", max_chal);
932 21 : if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
933 0 : return EAP_SIM_DB_FAILURE;
934 21 : len += ret;
935 :
936 21 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: requesting SIM authentication "
937 : "data for IMSI '%s'", imsi);
938 21 : if (eap_sim_db_send(data, msg, len) < 0)
939 0 : return EAP_SIM_DB_FAILURE;
940 :
941 21 : entry = os_zalloc(sizeof(*entry));
942 21 : if (entry == NULL)
943 0 : return EAP_SIM_DB_FAILURE;
944 :
945 21 : os_strlcpy(entry->imsi, imsi, sizeof(entry->imsi));
946 21 : entry->cb_session_ctx = cb_session_ctx;
947 21 : entry->state = PENDING;
948 21 : eap_sim_db_add_pending(data, entry);
949 21 : eap_sim_db_expire_pending(data);
950 :
951 21 : return EAP_SIM_DB_PENDING;
952 : }
953 :
954 :
955 118 : static char * eap_sim_db_get_next(struct eap_sim_db_data *data, char prefix)
956 : {
957 : char *id, *pos, *end;
958 : u8 buf[10];
959 :
960 118 : if (random_get_bytes(buf, sizeof(buf)))
961 0 : return NULL;
962 118 : id = os_malloc(sizeof(buf) * 2 + 2);
963 118 : if (id == NULL)
964 0 : return NULL;
965 :
966 118 : pos = id;
967 118 : end = id + sizeof(buf) * 2 + 2;
968 118 : *pos++ = prefix;
969 118 : pos += wpa_snprintf_hex(pos, end - pos, buf, sizeof(buf));
970 :
971 118 : return id;
972 : }
973 :
974 :
975 : /**
976 : * eap_sim_db_get_next_pseudonym - EAP-SIM DB: Get next pseudonym
977 : * @data: Private data pointer from eap_sim_db_init()
978 : * @method: EAP method (SIM/AKA/AKA')
979 : * Returns: Next pseudonym (allocated string) or %NULL on failure
980 : *
981 : * This function is used to generate a pseudonym for EAP-SIM. The returned
982 : * pseudonym is not added to database at this point; it will need to be added
983 : * with eap_sim_db_add_pseudonym() once the authentication has been completed
984 : * successfully. Caller is responsible for freeing the returned buffer.
985 : */
986 50 : char * eap_sim_db_get_next_pseudonym(struct eap_sim_db_data *data,
987 : enum eap_sim_db_method method)
988 : {
989 50 : char prefix = EAP_SIM_REAUTH_ID_PREFIX;
990 :
991 50 : switch (method) {
992 : case EAP_SIM_DB_SIM:
993 20 : prefix = EAP_SIM_PSEUDONYM_PREFIX;
994 20 : break;
995 : case EAP_SIM_DB_AKA:
996 18 : prefix = EAP_AKA_PSEUDONYM_PREFIX;
997 18 : break;
998 : case EAP_SIM_DB_AKA_PRIME:
999 12 : prefix = EAP_AKA_PRIME_PSEUDONYM_PREFIX;
1000 12 : break;
1001 : }
1002 :
1003 50 : return eap_sim_db_get_next(data, prefix);
1004 : }
1005 :
1006 :
1007 : /**
1008 : * eap_sim_db_get_next_reauth_id - EAP-SIM DB: Get next reauth_id
1009 : * @data: Private data pointer from eap_sim_db_init()
1010 : * @method: EAP method (SIM/AKA/AKA')
1011 : * Returns: Next reauth_id (allocated string) or %NULL on failure
1012 : *
1013 : * This function is used to generate a fast re-authentication identity for
1014 : * EAP-SIM. The returned reauth_id is not added to database at this point; it
1015 : * will need to be added with eap_sim_db_add_reauth() once the authentication
1016 : * has been completed successfully. Caller is responsible for freeing the
1017 : * returned buffer.
1018 : */
1019 68 : char * eap_sim_db_get_next_reauth_id(struct eap_sim_db_data *data,
1020 : enum eap_sim_db_method method)
1021 : {
1022 68 : char prefix = EAP_SIM_REAUTH_ID_PREFIX;
1023 :
1024 68 : switch (method) {
1025 : case EAP_SIM_DB_SIM:
1026 26 : prefix = EAP_SIM_REAUTH_ID_PREFIX;
1027 26 : break;
1028 : case EAP_SIM_DB_AKA:
1029 24 : prefix = EAP_AKA_REAUTH_ID_PREFIX;
1030 24 : break;
1031 : case EAP_SIM_DB_AKA_PRIME:
1032 18 : prefix = EAP_AKA_PRIME_REAUTH_ID_PREFIX;
1033 18 : break;
1034 : }
1035 :
1036 68 : return eap_sim_db_get_next(data, prefix);
1037 : }
1038 :
1039 :
1040 : /**
1041 : * eap_sim_db_add_pseudonym - EAP-SIM DB: Add new pseudonym
1042 : * @data: Private data pointer from eap_sim_db_init()
1043 : * @permanent: Permanent username
1044 : * @pseudonym: Pseudonym for this user. This needs to be an allocated buffer,
1045 : * e.g., return value from eap_sim_db_get_next_pseudonym(). Caller must not
1046 : * free it.
1047 : * Returns: 0 on success, -1 on failure
1048 : *
1049 : * This function adds a new pseudonym for EAP-SIM user. EAP-SIM DB is
1050 : * responsible of freeing pseudonym buffer once it is not needed anymore.
1051 : */
1052 44 : int eap_sim_db_add_pseudonym(struct eap_sim_db_data *data,
1053 : const char *permanent, char *pseudonym)
1054 : {
1055 : struct eap_sim_pseudonym *p;
1056 44 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add pseudonym '%s' for permanent "
1057 : "username '%s'", pseudonym, permanent);
1058 :
1059 : /* TODO: could store last two pseudonyms */
1060 : #ifdef CONFIG_SQLITE
1061 44 : if (data->sqlite_db)
1062 18 : return db_add_pseudonym(data, permanent, pseudonym);
1063 : #endif /* CONFIG_SQLITE */
1064 66 : for (p = data->pseudonyms; p; p = p->next) {
1065 57 : if (os_strcmp(permanent, p->permanent) == 0)
1066 17 : break;
1067 : }
1068 26 : if (p) {
1069 17 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous "
1070 : "pseudonym: %s", p->pseudonym);
1071 17 : os_free(p->pseudonym);
1072 17 : p->pseudonym = pseudonym;
1073 17 : return 0;
1074 : }
1075 :
1076 9 : p = os_zalloc(sizeof(*p));
1077 9 : if (p == NULL) {
1078 0 : os_free(pseudonym);
1079 0 : return -1;
1080 : }
1081 :
1082 9 : p->next = data->pseudonyms;
1083 9 : p->permanent = os_strdup(permanent);
1084 9 : if (p->permanent == NULL) {
1085 0 : os_free(p);
1086 0 : os_free(pseudonym);
1087 0 : return -1;
1088 : }
1089 9 : p->pseudonym = pseudonym;
1090 9 : data->pseudonyms = p;
1091 :
1092 9 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new pseudonym entry");
1093 9 : return 0;
1094 : }
1095 :
1096 :
1097 : static struct eap_sim_reauth *
1098 32 : eap_sim_db_add_reauth_data(struct eap_sim_db_data *data,
1099 : const char *permanent,
1100 : char *reauth_id, u16 counter)
1101 : {
1102 : struct eap_sim_reauth *r;
1103 :
1104 72 : for (r = data->reauths; r; r = r->next) {
1105 63 : if (os_strcmp(r->permanent, permanent) == 0)
1106 23 : break;
1107 : }
1108 :
1109 32 : if (r) {
1110 23 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous "
1111 : "reauth_id: %s", r->reauth_id);
1112 23 : os_free(r->reauth_id);
1113 23 : r->reauth_id = reauth_id;
1114 : } else {
1115 9 : r = os_zalloc(sizeof(*r));
1116 9 : if (r == NULL) {
1117 0 : os_free(reauth_id);
1118 0 : return NULL;
1119 : }
1120 :
1121 9 : r->next = data->reauths;
1122 9 : r->permanent = os_strdup(permanent);
1123 9 : if (r->permanent == NULL) {
1124 0 : os_free(r);
1125 0 : os_free(reauth_id);
1126 0 : return NULL;
1127 : }
1128 9 : r->reauth_id = reauth_id;
1129 9 : data->reauths = r;
1130 9 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new reauth entry");
1131 : }
1132 :
1133 32 : r->counter = counter;
1134 :
1135 32 : return r;
1136 : }
1137 :
1138 :
1139 : /**
1140 : * eap_sim_db_add_reauth - EAP-SIM DB: Add new re-authentication entry
1141 : * @priv: Private data pointer from eap_sim_db_init()
1142 : * @permanent: Permanent username
1143 : * @identity_len: Length of identity
1144 : * @reauth_id: reauth_id for this user. This needs to be an allocated buffer,
1145 : * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not
1146 : * free it.
1147 : * @counter: AT_COUNTER value for fast re-authentication
1148 : * @mk: 16-byte MK from the previous full authentication or %NULL
1149 : * Returns: 0 on success, -1 on failure
1150 : *
1151 : * This function adds a new re-authentication entry for an EAP-SIM user.
1152 : * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed
1153 : * anymore.
1154 : */
1155 41 : int eap_sim_db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
1156 : char *reauth_id, u16 counter, const u8 *mk)
1157 : {
1158 : struct eap_sim_reauth *r;
1159 :
1160 41 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add reauth_id '%s' for permanent "
1161 : "identity '%s'", reauth_id, permanent);
1162 :
1163 : #ifdef CONFIG_SQLITE
1164 41 : if (data->sqlite_db)
1165 16 : return db_add_reauth(data, permanent, reauth_id, counter, mk,
1166 : NULL, NULL, NULL);
1167 : #endif /* CONFIG_SQLITE */
1168 25 : r = eap_sim_db_add_reauth_data(data, permanent, reauth_id, counter);
1169 25 : if (r == NULL)
1170 0 : return -1;
1171 :
1172 25 : os_memcpy(r->mk, mk, EAP_SIM_MK_LEN);
1173 :
1174 25 : return 0;
1175 : }
1176 :
1177 :
1178 : #ifdef EAP_SERVER_AKA_PRIME
1179 : /**
1180 : * eap_sim_db_add_reauth_prime - EAP-AKA' DB: Add new re-authentication entry
1181 : * @data: Private data pointer from eap_sim_db_init()
1182 : * @permanent: Permanent username
1183 : * @reauth_id: reauth_id for this user. This needs to be an allocated buffer,
1184 : * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not
1185 : * free it.
1186 : * @counter: AT_COUNTER value for fast re-authentication
1187 : * @k_encr: K_encr from the previous full authentication
1188 : * @k_aut: K_aut from the previous full authentication
1189 : * @k_re: 32-byte K_re from the previous full authentication
1190 : * Returns: 0 on success, -1 on failure
1191 : *
1192 : * This function adds a new re-authentication entry for an EAP-AKA' user.
1193 : * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed
1194 : * anymore.
1195 : */
1196 15 : int eap_sim_db_add_reauth_prime(struct eap_sim_db_data *data,
1197 : const char *permanent, char *reauth_id,
1198 : u16 counter, const u8 *k_encr,
1199 : const u8 *k_aut, const u8 *k_re)
1200 : {
1201 : struct eap_sim_reauth *r;
1202 :
1203 15 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add reauth_id '%s' for permanent "
1204 : "identity '%s'", reauth_id, permanent);
1205 :
1206 : #ifdef CONFIG_SQLITE
1207 15 : if (data->sqlite_db)
1208 8 : return db_add_reauth(data, permanent, reauth_id, counter, NULL,
1209 : k_encr, k_aut, k_re);
1210 : #endif /* CONFIG_SQLITE */
1211 7 : r = eap_sim_db_add_reauth_data(data, permanent, reauth_id, counter);
1212 7 : if (r == NULL)
1213 0 : return -1;
1214 :
1215 7 : os_memcpy(r->k_encr, k_encr, EAP_SIM_K_ENCR_LEN);
1216 7 : os_memcpy(r->k_aut, k_aut, EAP_AKA_PRIME_K_AUT_LEN);
1217 7 : os_memcpy(r->k_re, k_re, EAP_AKA_PRIME_K_RE_LEN);
1218 :
1219 7 : return 0;
1220 : }
1221 : #endif /* EAP_SERVER_AKA_PRIME */
1222 :
1223 :
1224 : /**
1225 : * eap_sim_db_get_permanent - EAP-SIM DB: Get permanent identity
1226 : * @data: Private data pointer from eap_sim_db_init()
1227 : * @pseudonym: Pseudonym username
1228 : * Returns: Pointer to permanent username or %NULL if not found
1229 : */
1230 : const char *
1231 12 : eap_sim_db_get_permanent(struct eap_sim_db_data *data, const char *pseudonym)
1232 : {
1233 : struct eap_sim_pseudonym *p;
1234 :
1235 : #ifdef CONFIG_SQLITE
1236 12 : if (data->sqlite_db)
1237 9 : return db_get_pseudonym(data, pseudonym);
1238 : #endif /* CONFIG_SQLITE */
1239 :
1240 3 : p = data->pseudonyms;
1241 12 : while (p) {
1242 6 : if (os_strcmp(p->pseudonym, pseudonym) == 0)
1243 0 : return p->permanent;
1244 6 : p = p->next;
1245 : }
1246 :
1247 3 : return NULL;
1248 : }
1249 :
1250 :
1251 : /**
1252 : * eap_sim_db_get_reauth_entry - EAP-SIM DB: Get re-authentication entry
1253 : * @data: Private data pointer from eap_sim_db_init()
1254 : * @reauth_id: Fast re-authentication username
1255 : * Returns: Pointer to the re-auth entry, or %NULL if not found
1256 : */
1257 : struct eap_sim_reauth *
1258 31 : eap_sim_db_get_reauth_entry(struct eap_sim_db_data *data,
1259 : const char *reauth_id)
1260 : {
1261 : struct eap_sim_reauth *r;
1262 :
1263 : #ifdef CONFIG_SQLITE
1264 31 : if (data->sqlite_db)
1265 25 : return db_get_reauth(data, reauth_id);
1266 : #endif /* CONFIG_SQLITE */
1267 :
1268 6 : r = data->reauths;
1269 12 : while (r) {
1270 6 : if (os_strcmp(r->reauth_id, reauth_id) == 0)
1271 6 : break;
1272 0 : r = r->next;
1273 : }
1274 :
1275 6 : return r;
1276 : }
1277 :
1278 :
1279 : /**
1280 : * eap_sim_db_remove_reauth - EAP-SIM DB: Remove re-authentication entry
1281 : * @data: Private data pointer from eap_sim_db_init()
1282 : * @reauth: Pointer to re-authentication entry from
1283 : * eap_sim_db_get_reauth_entry()
1284 : */
1285 3 : void eap_sim_db_remove_reauth(struct eap_sim_db_data *data,
1286 : struct eap_sim_reauth *reauth)
1287 : {
1288 3 : struct eap_sim_reauth *r, *prev = NULL;
1289 : #ifdef CONFIG_SQLITE
1290 3 : if (data->sqlite_db) {
1291 3 : db_remove_reauth(data, reauth);
1292 3 : return;
1293 : }
1294 : #endif /* CONFIG_SQLITE */
1295 0 : r = data->reauths;
1296 0 : while (r) {
1297 0 : if (r == reauth) {
1298 0 : if (prev)
1299 0 : prev->next = r->next;
1300 : else
1301 0 : data->reauths = r->next;
1302 0 : eap_sim_db_free_reauth(r);
1303 0 : return;
1304 : }
1305 0 : prev = r;
1306 0 : r = r->next;
1307 : }
1308 : }
1309 :
1310 :
1311 : /**
1312 : * eap_sim_db_get_aka_auth - Get AKA authentication values
1313 : * @data: Private data pointer from eap_sim_db_init()
1314 : * @username: Permanent username (prefix | IMSI)
1315 : * @_rand: Buffer for RAND value
1316 : * @autn: Buffer for AUTN value
1317 : * @ik: Buffer for IK value
1318 : * @ck: Buffer for CK value
1319 : * @res: Buffer for RES value
1320 : * @res_len: Buffer for RES length
1321 : * @cb_session_ctx: Session callback context for get_complete_cb()
1322 : * Returns: 0 on success, -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not
1323 : * found), or -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this
1324 : * case, the callback function registered with eap_sim_db_init() will be
1325 : * called once the results become available.
1326 : *
1327 : * When using an external server for AKA authentication, this function can
1328 : * always start a request and return EAP_SIM_DB_PENDING immediately if
1329 : * authentication triplets are not available. Once the authentication data are
1330 : * received, callback function registered with eap_sim_db_init() is called to
1331 : * notify EAP state machine to reprocess the message. This
1332 : * eap_sim_db_get_aka_auth() function will then be called again and the newly
1333 : * received triplets will then be given to the caller.
1334 : */
1335 60 : int eap_sim_db_get_aka_auth(struct eap_sim_db_data *data, const char *username,
1336 : u8 *_rand, u8 *autn, u8 *ik, u8 *ck,
1337 : u8 *res, size_t *res_len, void *cb_session_ctx)
1338 : {
1339 : struct eap_sim_db_pending *entry;
1340 : int len;
1341 : char msg[40];
1342 : const char *imsi;
1343 : size_t imsi_len;
1344 :
1345 120 : if (username == NULL ||
1346 84 : (username[0] != EAP_AKA_PERMANENT_PREFIX &&
1347 84 : username[0] != EAP_AKA_PRIME_PERMANENT_PREFIX) ||
1348 120 : username[1] == '\0' || os_strlen(username) > sizeof(entry->imsi)) {
1349 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
1350 : username);
1351 0 : return EAP_SIM_DB_FAILURE;
1352 : }
1353 60 : imsi = username + 1;
1354 60 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI '%s'",
1355 : imsi);
1356 :
1357 60 : entry = eap_sim_db_get_pending(data, imsi, 1);
1358 60 : if (entry) {
1359 30 : if (entry->state == FAILURE) {
1360 0 : os_free(entry);
1361 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failure");
1362 0 : return EAP_SIM_DB_FAILURE;
1363 : }
1364 :
1365 30 : if (entry->state == PENDING) {
1366 0 : eap_sim_db_add_pending(data, entry);
1367 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending");
1368 0 : return EAP_SIM_DB_PENDING;
1369 : }
1370 :
1371 30 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Returning successfully "
1372 : "received authentication data");
1373 30 : os_memcpy(_rand, entry->u.aka.rand, EAP_AKA_RAND_LEN);
1374 30 : os_memcpy(autn, entry->u.aka.autn, EAP_AKA_AUTN_LEN);
1375 30 : os_memcpy(ik, entry->u.aka.ik, EAP_AKA_IK_LEN);
1376 30 : os_memcpy(ck, entry->u.aka.ck, EAP_AKA_CK_LEN);
1377 30 : os_memcpy(res, entry->u.aka.res, EAP_AKA_RES_MAX_LEN);
1378 30 : *res_len = entry->u.aka.res_len;
1379 30 : os_free(entry);
1380 30 : return 0;
1381 : }
1382 :
1383 30 : if (data->sock < 0) {
1384 0 : if (eap_sim_db_open_socket(data) < 0)
1385 0 : return EAP_SIM_DB_FAILURE;
1386 : }
1387 :
1388 30 : imsi_len = os_strlen(imsi);
1389 30 : len = os_snprintf(msg, sizeof(msg), "AKA-REQ-AUTH ");
1390 30 : if (len < 0 || len + imsi_len >= sizeof(msg))
1391 0 : return EAP_SIM_DB_FAILURE;
1392 30 : os_memcpy(msg + len, imsi, imsi_len);
1393 30 : len += imsi_len;
1394 :
1395 30 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: requesting AKA authentication "
1396 : "data for IMSI '%s'", imsi);
1397 30 : if (eap_sim_db_send(data, msg, len) < 0)
1398 0 : return EAP_SIM_DB_FAILURE;
1399 :
1400 30 : entry = os_zalloc(sizeof(*entry));
1401 30 : if (entry == NULL)
1402 0 : return EAP_SIM_DB_FAILURE;
1403 :
1404 30 : entry->aka = 1;
1405 30 : os_strlcpy(entry->imsi, imsi, sizeof(entry->imsi));
1406 30 : entry->cb_session_ctx = cb_session_ctx;
1407 30 : entry->state = PENDING;
1408 30 : eap_sim_db_add_pending(data, entry);
1409 30 : eap_sim_db_expire_pending(data);
1410 :
1411 30 : return EAP_SIM_DB_PENDING;
1412 : }
1413 :
1414 :
1415 : /**
1416 : * eap_sim_db_resynchronize - Resynchronize AKA AUTN
1417 : * @data: Private data pointer from eap_sim_db_init()
1418 : * @username: Permanent username
1419 : * @auts: AUTS value from the peer
1420 : * @_rand: RAND value used in the rejected message
1421 : * Returns: 0 on success, -1 on failure
1422 : *
1423 : * This function is called when the peer reports synchronization failure in the
1424 : * AUTN value by sending AUTS. The AUTS and RAND values should be sent to
1425 : * HLR/AuC to allow it to resynchronize with the peer. After this,
1426 : * eap_sim_db_get_aka_auth() will be called again to to fetch updated
1427 : * RAND/AUTN values for the next challenge.
1428 : */
1429 1 : int eap_sim_db_resynchronize(struct eap_sim_db_data *data,
1430 : const char *username,
1431 : const u8 *auts, const u8 *_rand)
1432 : {
1433 : const char *imsi;
1434 : size_t imsi_len;
1435 :
1436 2 : if (username == NULL ||
1437 1 : (username[0] != EAP_AKA_PERMANENT_PREFIX &&
1438 1 : username[0] != EAP_AKA_PRIME_PERMANENT_PREFIX) ||
1439 2 : username[1] == '\0' || os_strlen(username) > 20) {
1440 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
1441 : username);
1442 0 : return -1;
1443 : }
1444 1 : imsi = username + 1;
1445 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI '%s'",
1446 : imsi);
1447 :
1448 1 : if (data->sock >= 0) {
1449 : char msg[100];
1450 : int len, ret;
1451 :
1452 1 : imsi_len = os_strlen(imsi);
1453 1 : len = os_snprintf(msg, sizeof(msg), "AKA-AUTS ");
1454 1 : if (len < 0 || len + imsi_len >= sizeof(msg))
1455 0 : return -1;
1456 1 : os_memcpy(msg + len, imsi, imsi_len);
1457 1 : len += imsi_len;
1458 :
1459 1 : ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
1460 1 : if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
1461 0 : return -1;
1462 1 : len += ret;
1463 1 : len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
1464 : auts, EAP_AKA_AUTS_LEN);
1465 1 : ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
1466 1 : if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
1467 0 : return -1;
1468 1 : len += ret;
1469 1 : len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
1470 : _rand, EAP_AKA_RAND_LEN);
1471 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: reporting AKA AUTS for "
1472 : "IMSI '%s'", imsi);
1473 1 : if (eap_sim_db_send(data, msg, len) < 0)
1474 0 : return -1;
1475 : }
1476 :
1477 1 : return 0;
1478 : }
1479 :
1480 :
1481 : /**
1482 : * sim_get_username - Extract username from SIM identity
1483 : * @identity: Identity
1484 : * @identity_len: Identity length
1485 : * Returns: Allocated buffer with the username part of the identity
1486 : *
1487 : * Caller is responsible for freeing the returned buffer with os_free().
1488 : */
1489 153 : char * sim_get_username(const u8 *identity, size_t identity_len)
1490 : {
1491 : size_t pos;
1492 :
1493 153 : if (identity == NULL)
1494 0 : return NULL;
1495 :
1496 2773 : for (pos = 0; pos < identity_len; pos++) {
1497 2649 : if (identity[pos] == '@' || identity[pos] == '\0')
1498 : break;
1499 : }
1500 :
1501 153 : return dup_binstr(identity, pos);
1502 : }
|
