Line data Source code
1 : /*
2 : * hostapd / EAP-SIM database/authenticator gateway
3 : * Copyright (c) 2005-2010, 2012, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : *
8 : * This is an example implementation of the EAP-SIM/AKA database/authentication
9 : * gateway interface that is using an external program as an SS7 gateway to
10 : * GSM/UMTS authentication center (HLR/AuC). hlr_auc_gw is an example
11 : * implementation of such a gateway program. This eap_sim_db.c takes care of
12 : * EAP-SIM/AKA pseudonyms and re-auth identities. It can be used with different
13 : * gateway implementations for HLR/AuC access. Alternatively, it can also be
14 : * completely replaced if the in-memory database of pseudonyms/re-auth
15 : * identities is not suitable for some cases.
16 : */
17 :
18 : #include "includes.h"
19 : #include <sys/un.h>
20 : #ifdef CONFIG_SQLITE
21 : #include <sqlite3.h>
22 : #endif /* CONFIG_SQLITE */
23 :
24 : #include "common.h"
25 : #include "crypto/random.h"
26 : #include "eap_common/eap_sim_common.h"
27 : #include "eap_server/eap_sim_db.h"
28 : #include "eloop.h"
29 :
30 : struct eap_sim_pseudonym {
31 : struct eap_sim_pseudonym *next;
32 : char *permanent; /* permanent username */
33 : char *pseudonym; /* pseudonym username */
34 : };
35 :
36 : struct eap_sim_db_pending {
37 : struct eap_sim_db_pending *next;
38 : char imsi[20];
39 : enum { PENDING, SUCCESS, FAILURE } state;
40 : void *cb_session_ctx;
41 : int aka;
42 : union {
43 : struct {
44 : u8 kc[EAP_SIM_MAX_CHAL][EAP_SIM_KC_LEN];
45 : u8 sres[EAP_SIM_MAX_CHAL][EAP_SIM_SRES_LEN];
46 : u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN];
47 : int num_chal;
48 : } sim;
49 : struct {
50 : u8 rand[EAP_AKA_RAND_LEN];
51 : u8 autn[EAP_AKA_AUTN_LEN];
52 : u8 ik[EAP_AKA_IK_LEN];
53 : u8 ck[EAP_AKA_CK_LEN];
54 : u8 res[EAP_AKA_RES_MAX_LEN];
55 : size_t res_len;
56 : } aka;
57 : } u;
58 : };
59 :
60 : struct eap_sim_db_data {
61 : int sock;
62 : char *fname;
63 : char *local_sock;
64 : void (*get_complete_cb)(void *ctx, void *session_ctx);
65 : void *ctx;
66 : struct eap_sim_pseudonym *pseudonyms;
67 : struct eap_sim_reauth *reauths;
68 : struct eap_sim_db_pending *pending;
69 : #ifdef CONFIG_SQLITE
70 : sqlite3 *sqlite_db;
71 : char db_tmp_identity[100];
72 : char db_tmp_pseudonym_str[100];
73 : struct eap_sim_pseudonym db_tmp_pseudonym;
74 : struct eap_sim_reauth db_tmp_reauth;
75 : #endif /* CONFIG_SQLITE */
76 : };
77 :
78 :
79 : #ifdef CONFIG_SQLITE
80 :
81 10 : static int db_table_exists(sqlite3 *db, const char *name)
82 : {
83 : char cmd[128];
84 10 : os_snprintf(cmd, sizeof(cmd), "SELECT 1 FROM %s;", name);
85 10 : return sqlite3_exec(db, cmd, NULL, NULL, NULL) == SQLITE_OK;
86 : }
87 :
88 :
89 5 : static int db_table_create_pseudonym(sqlite3 *db)
90 : {
91 5 : char *err = NULL;
92 5 : const char *sql =
93 : "CREATE TABLE pseudonyms("
94 : " permanent CHAR(21) PRIMARY KEY,"
95 : " pseudonym CHAR(21) NOT NULL"
96 : ");";
97 :
98 5 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Adding database table for "
99 : "pseudonym information");
100 5 : if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
101 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
102 0 : sqlite3_free(err);
103 0 : return -1;
104 : }
105 :
106 5 : return 0;
107 : }
108 :
109 :
110 5 : static int db_table_create_reauth(sqlite3 *db)
111 : {
112 5 : char *err = NULL;
113 5 : const char *sql =
114 : "CREATE TABLE reauth("
115 : " permanent CHAR(21) PRIMARY KEY,"
116 : " reauth_id CHAR(21) NOT NULL,"
117 : " counter INTEGER,"
118 : " mk CHAR(40),"
119 : " k_encr CHAR(32),"
120 : " k_aut CHAR(64),"
121 : " k_re CHAR(64)"
122 : ");";
123 :
124 5 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Adding database table for "
125 : "reauth information");
126 5 : if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
127 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
128 0 : sqlite3_free(err);
129 0 : return -1;
130 : }
131 :
132 5 : return 0;
133 : }
134 :
135 :
136 5 : static sqlite3 * db_open(const char *db_file)
137 : {
138 : sqlite3 *db;
139 :
140 5 : if (sqlite3_open(db_file, &db)) {
141 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: Failed to open database "
142 : "%s: %s", db_file, sqlite3_errmsg(db));
143 0 : sqlite3_close(db);
144 0 : return NULL;
145 : }
146 :
147 10 : if (!db_table_exists(db, "pseudonyms") &&
148 5 : db_table_create_pseudonym(db) < 0) {
149 0 : sqlite3_close(db);
150 0 : return NULL;
151 : }
152 :
153 10 : if (!db_table_exists(db, "reauth") &&
154 5 : db_table_create_reauth(db) < 0) {
155 0 : sqlite3_close(db);
156 0 : return NULL;
157 : }
158 :
159 5 : return db;
160 : }
161 :
162 :
163 121 : static int valid_db_string(const char *str)
164 : {
165 121 : const char *pos = str;
166 2558 : while (*pos) {
167 2899 : if ((*pos < '0' || *pos > '9') &&
168 1166 : (*pos < 'a' || *pos > 'f'))
169 0 : return 0;
170 2316 : pos++;
171 : }
172 121 : return 1;
173 : }
174 :
175 :
176 18 : static int db_add_pseudonym(struct eap_sim_db_data *data,
177 : const char *permanent, char *pseudonym)
178 : {
179 : char cmd[128];
180 18 : char *err = NULL;
181 :
182 18 : if (!valid_db_string(permanent) || !valid_db_string(pseudonym)) {
183 0 : os_free(pseudonym);
184 0 : return -1;
185 : }
186 :
187 18 : os_snprintf(cmd, sizeof(cmd), "INSERT OR REPLACE INTO pseudonyms "
188 : "(permanent, pseudonym) VALUES ('%s', '%s');",
189 : permanent, pseudonym);
190 18 : os_free(pseudonym);
191 18 : if (sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, &err) != SQLITE_OK)
192 : {
193 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
194 0 : sqlite3_free(err);
195 0 : return -1;
196 : }
197 :
198 18 : return 0;
199 : }
200 :
201 :
202 6 : static int get_pseudonym_cb(void *ctx, int argc, char *argv[], char *col[])
203 : {
204 6 : struct eap_sim_db_data *data = ctx;
205 : int i;
206 :
207 12 : for (i = 0; i < argc; i++) {
208 6 : if (os_strcmp(col[i], "permanent") == 0 && argv[i]) {
209 6 : os_strlcpy(data->db_tmp_identity, argv[i],
210 : sizeof(data->db_tmp_identity));
211 : }
212 : }
213 :
214 6 : return 0;
215 : }
216 :
217 :
218 : static char *
219 9 : db_get_pseudonym(struct eap_sim_db_data *data, const char *pseudonym)
220 : {
221 : char cmd[128];
222 :
223 9 : if (!valid_db_string(pseudonym))
224 0 : return NULL;
225 9 : os_memset(&data->db_tmp_identity, 0, sizeof(data->db_tmp_identity));
226 9 : os_snprintf(cmd, sizeof(cmd),
227 : "SELECT permanent FROM pseudonyms WHERE pseudonym='%s';",
228 : pseudonym);
229 9 : if (sqlite3_exec(data->sqlite_db, cmd, get_pseudonym_cb, data, NULL) !=
230 : SQLITE_OK)
231 0 : return NULL;
232 9 : if (data->db_tmp_identity[0] == '\0')
233 3 : return NULL;
234 6 : return data->db_tmp_identity;
235 : }
236 :
237 :
238 24 : static int db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
239 : char *reauth_id, u16 counter, const u8 *mk,
240 : const u8 *k_encr, const u8 *k_aut, const u8 *k_re)
241 : {
242 : char cmd[2000], *pos, *end;
243 24 : char *err = NULL;
244 :
245 24 : if (!valid_db_string(permanent) || !valid_db_string(reauth_id)) {
246 0 : os_free(reauth_id);
247 0 : return -1;
248 : }
249 :
250 24 : pos = cmd;
251 24 : end = pos + sizeof(cmd);
252 24 : pos += os_snprintf(pos, end - pos, "INSERT OR REPLACE INTO reauth "
253 : "(permanent, reauth_id, counter%s%s%s%s) "
254 : "VALUES ('%s', '%s', %u",
255 : mk ? ", mk" : "",
256 : k_encr ? ", k_encr" : "",
257 : k_aut ? ", k_aut" : "",
258 : k_re ? ", k_re" : "",
259 : permanent, reauth_id, counter);
260 24 : os_free(reauth_id);
261 :
262 24 : if (mk) {
263 16 : pos += os_snprintf(pos, end - pos, ", '");
264 16 : pos += wpa_snprintf_hex(pos, end - pos, mk, EAP_SIM_MK_LEN);
265 16 : pos += os_snprintf(pos, end - pos, "'");
266 : }
267 :
268 24 : if (k_encr) {
269 8 : pos += os_snprintf(pos, end - pos, ", '");
270 8 : pos += wpa_snprintf_hex(pos, end - pos, k_encr,
271 : EAP_SIM_K_ENCR_LEN);
272 8 : pos += os_snprintf(pos, end - pos, "'");
273 : }
274 :
275 24 : if (k_aut) {
276 8 : pos += os_snprintf(pos, end - pos, ", '");
277 8 : pos += wpa_snprintf_hex(pos, end - pos, k_aut,
278 : EAP_AKA_PRIME_K_AUT_LEN);
279 8 : pos += os_snprintf(pos, end - pos, "'");
280 : }
281 :
282 24 : if (k_re) {
283 8 : pos += os_snprintf(pos, end - pos, ", '");
284 8 : pos += wpa_snprintf_hex(pos, end - pos, k_re,
285 : EAP_AKA_PRIME_K_RE_LEN);
286 8 : pos += os_snprintf(pos, end - pos, "'");
287 : }
288 :
289 24 : os_snprintf(pos, end - pos, ");");
290 :
291 24 : if (sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, &err) != SQLITE_OK)
292 : {
293 0 : wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
294 0 : sqlite3_free(err);
295 0 : return -1;
296 : }
297 :
298 24 : return 0;
299 : }
300 :
301 :
302 15 : static int get_reauth_cb(void *ctx, int argc, char *argv[], char *col[])
303 : {
304 15 : struct eap_sim_db_data *data = ctx;
305 : int i;
306 15 : struct eap_sim_reauth *reauth = &data->db_tmp_reauth;
307 :
308 120 : for (i = 0; i < argc; i++) {
309 105 : if (os_strcmp(col[i], "permanent") == 0 && argv[i]) {
310 15 : os_strlcpy(data->db_tmp_identity, argv[i],
311 : sizeof(data->db_tmp_identity));
312 15 : reauth->permanent = data->db_tmp_identity;
313 90 : } else if (os_strcmp(col[i], "counter") == 0 && argv[i]) {
314 15 : reauth->counter = atoi(argv[i]);
315 75 : } else if (os_strcmp(col[i], "mk") == 0 && argv[i]) {
316 10 : hexstr2bin(argv[i], reauth->mk, sizeof(reauth->mk));
317 65 : } else if (os_strcmp(col[i], "k_encr") == 0 && argv[i]) {
318 5 : hexstr2bin(argv[i], reauth->k_encr,
319 : sizeof(reauth->k_encr));
320 60 : } else if (os_strcmp(col[i], "k_aut") == 0 && argv[i]) {
321 5 : hexstr2bin(argv[i], reauth->k_aut,
322 : sizeof(reauth->k_aut));
323 55 : } else if (os_strcmp(col[i], "k_re") == 0 && argv[i]) {
324 5 : hexstr2bin(argv[i], reauth->k_re,
325 : sizeof(reauth->k_re));
326 : }
327 : }
328 :
329 15 : return 0;
330 : }
331 :
332 :
333 : static struct eap_sim_reauth *
334 25 : db_get_reauth(struct eap_sim_db_data *data, const char *reauth_id)
335 : {
336 : char cmd[256];
337 :
338 25 : if (!valid_db_string(reauth_id))
339 0 : return NULL;
340 25 : os_memset(&data->db_tmp_reauth, 0, sizeof(data->db_tmp_reauth));
341 25 : os_strlcpy(data->db_tmp_pseudonym_str, reauth_id,
342 : sizeof(data->db_tmp_pseudonym_str));
343 25 : data->db_tmp_reauth.reauth_id = data->db_tmp_pseudonym_str;
344 25 : os_snprintf(cmd, sizeof(cmd),
345 : "SELECT * FROM reauth WHERE reauth_id='%s';", reauth_id);
346 25 : if (sqlite3_exec(data->sqlite_db, cmd, get_reauth_cb, data, NULL) !=
347 : SQLITE_OK)
348 0 : return NULL;
349 25 : if (data->db_tmp_reauth.permanent == NULL)
350 10 : return NULL;
351 15 : return &data->db_tmp_reauth;
352 : }
353 :
354 :
355 3 : static void db_remove_reauth(struct eap_sim_db_data *data,
356 : struct eap_sim_reauth *reauth)
357 : {
358 : char cmd[256];
359 :
360 3 : if (!valid_db_string(reauth->permanent))
361 3 : return;
362 3 : os_snprintf(cmd, sizeof(cmd),
363 : "DELETE FROM reauth WHERE permanent='%s';",
364 : reauth->permanent);
365 3 : sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, NULL);
366 : }
367 :
368 : #endif /* CONFIG_SQLITE */
369 :
370 :
371 : static struct eap_sim_db_pending *
372 252 : eap_sim_db_get_pending(struct eap_sim_db_data *data, const char *imsi, int aka)
373 : {
374 252 : struct eap_sim_db_pending *entry, *prev = NULL;
375 :
376 252 : entry = data->pending;
377 504 : while (entry) {
378 168 : if (entry->aka == aka && os_strcmp(entry->imsi, imsi) == 0) {
379 168 : if (prev)
380 0 : prev->next = entry->next;
381 : else
382 168 : data->pending = entry->next;
383 168 : break;
384 : }
385 0 : prev = entry;
386 0 : entry = entry->next;
387 : }
388 252 : return entry;
389 : }
390 :
391 :
392 168 : static void eap_sim_db_add_pending(struct eap_sim_db_data *data,
393 : struct eap_sim_db_pending *entry)
394 : {
395 168 : entry->next = data->pending;
396 168 : data->pending = entry;
397 168 : }
398 :
399 :
400 34 : static void eap_sim_db_sim_resp_auth(struct eap_sim_db_data *data,
401 : const char *imsi, char *buf)
402 : {
403 : char *start, *end, *pos;
404 : struct eap_sim_db_pending *entry;
405 : int num_chal;
406 :
407 : /*
408 : * SIM-RESP-AUTH <IMSI> Kc(i):SRES(i):RAND(i) ...
409 : * SIM-RESP-AUTH <IMSI> FAILURE
410 : * (IMSI = ASCII string, Kc/SRES/RAND = hex string)
411 : */
412 :
413 34 : entry = eap_sim_db_get_pending(data, imsi, 0);
414 34 : if (entry == NULL) {
415 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the "
416 : "received message found");
417 0 : return;
418 : }
419 :
420 34 : start = buf;
421 34 : if (os_strncmp(start, "FAILURE", 7) == 0) {
422 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported "
423 : "failure");
424 1 : entry->state = FAILURE;
425 1 : eap_sim_db_add_pending(data, entry);
426 1 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
427 1 : return;
428 : }
429 :
430 33 : num_chal = 0;
431 132 : while (num_chal < EAP_SIM_MAX_CHAL) {
432 99 : end = os_strchr(start, ' ');
433 99 : if (end)
434 66 : *end = '\0';
435 :
436 99 : pos = os_strchr(start, ':');
437 99 : if (pos == NULL)
438 0 : goto parse_fail;
439 99 : *pos = '\0';
440 99 : if (hexstr2bin(start, entry->u.sim.kc[num_chal],
441 : EAP_SIM_KC_LEN))
442 0 : goto parse_fail;
443 :
444 99 : start = pos + 1;
445 99 : pos = os_strchr(start, ':');
446 99 : if (pos == NULL)
447 0 : goto parse_fail;
448 99 : *pos = '\0';
449 99 : if (hexstr2bin(start, entry->u.sim.sres[num_chal],
450 : EAP_SIM_SRES_LEN))
451 0 : goto parse_fail;
452 :
453 99 : start = pos + 1;
454 99 : if (hexstr2bin(start, entry->u.sim.rand[num_chal],
455 : GSM_RAND_LEN))
456 0 : goto parse_fail;
457 :
458 99 : num_chal++;
459 99 : if (end == NULL)
460 33 : break;
461 : else
462 66 : start = end + 1;
463 : }
464 33 : entry->u.sim.num_chal = num_chal;
465 :
466 33 : entry->state = SUCCESS;
467 33 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed "
468 : "successfully - callback");
469 33 : eap_sim_db_add_pending(data, entry);
470 33 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
471 33 : return;
472 :
473 : parse_fail:
474 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
475 0 : os_free(entry);
476 : }
477 :
478 :
479 50 : static void eap_sim_db_aka_resp_auth(struct eap_sim_db_data *data,
480 : const char *imsi, char *buf)
481 : {
482 : char *start, *end;
483 : struct eap_sim_db_pending *entry;
484 :
485 : /*
486 : * AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES>
487 : * AKA-RESP-AUTH <IMSI> FAILURE
488 : * (IMSI = ASCII string, RAND/AUTN/IK/CK/RES = hex string)
489 : */
490 :
491 50 : entry = eap_sim_db_get_pending(data, imsi, 1);
492 50 : if (entry == NULL) {
493 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the "
494 : "received message found");
495 0 : return;
496 : }
497 :
498 50 : start = buf;
499 50 : if (os_strncmp(start, "FAILURE", 7) == 0) {
500 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported "
501 : "failure");
502 0 : entry->state = FAILURE;
503 0 : eap_sim_db_add_pending(data, entry);
504 0 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
505 0 : return;
506 : }
507 :
508 50 : end = os_strchr(start, ' ');
509 50 : if (end == NULL)
510 0 : goto parse_fail;
511 50 : *end = '\0';
512 50 : if (hexstr2bin(start, entry->u.aka.rand, EAP_AKA_RAND_LEN))
513 0 : goto parse_fail;
514 :
515 50 : start = end + 1;
516 50 : end = os_strchr(start, ' ');
517 50 : if (end == NULL)
518 0 : goto parse_fail;
519 50 : *end = '\0';
520 50 : if (hexstr2bin(start, entry->u.aka.autn, EAP_AKA_AUTN_LEN))
521 0 : goto parse_fail;
522 :
523 50 : start = end + 1;
524 50 : end = os_strchr(start, ' ');
525 50 : if (end == NULL)
526 0 : goto parse_fail;
527 50 : *end = '\0';
528 50 : if (hexstr2bin(start, entry->u.aka.ik, EAP_AKA_IK_LEN))
529 0 : goto parse_fail;
530 :
531 50 : start = end + 1;
532 50 : end = os_strchr(start, ' ');
533 50 : if (end == NULL)
534 0 : goto parse_fail;
535 50 : *end = '\0';
536 50 : if (hexstr2bin(start, entry->u.aka.ck, EAP_AKA_CK_LEN))
537 0 : goto parse_fail;
538 :
539 50 : start = end + 1;
540 50 : end = os_strchr(start, ' ');
541 50 : if (end)
542 0 : *end = '\0';
543 : else {
544 50 : end = start;
545 900 : while (*end)
546 800 : end++;
547 : }
548 50 : entry->u.aka.res_len = (end - start) / 2;
549 50 : if (entry->u.aka.res_len > EAP_AKA_RES_MAX_LEN) {
550 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Too long RES");
551 0 : entry->u.aka.res_len = 0;
552 0 : goto parse_fail;
553 : }
554 50 : if (hexstr2bin(start, entry->u.aka.res, entry->u.aka.res_len))
555 0 : goto parse_fail;
556 :
557 50 : entry->state = SUCCESS;
558 50 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed "
559 : "successfully - callback");
560 50 : eap_sim_db_add_pending(data, entry);
561 50 : data->get_complete_cb(data->ctx, entry->cb_session_ctx);
562 50 : return;
563 :
564 : parse_fail:
565 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
566 0 : os_free(entry);
567 : }
568 :
569 :
570 84 : static void eap_sim_db_receive(int sock, void *eloop_ctx, void *sock_ctx)
571 : {
572 84 : struct eap_sim_db_data *data = eloop_ctx;
573 : char buf[1000], *pos, *cmd, *imsi;
574 : int res;
575 :
576 84 : res = recv(sock, buf, sizeof(buf) - 1, 0);
577 84 : if (res < 0)
578 84 : return;
579 84 : buf[res] = '\0';
580 84 : wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-SIM DB: Received from an "
581 : "external source", (u8 *) buf, res);
582 84 : if (res == 0)
583 0 : return;
584 :
585 84 : if (data->get_complete_cb == NULL) {
586 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: No get_complete_cb "
587 : "registered");
588 0 : return;
589 : }
590 :
591 : /* <cmd> <IMSI> ... */
592 :
593 84 : cmd = buf;
594 84 : pos = os_strchr(cmd, ' ');
595 84 : if (pos == NULL)
596 0 : goto parse_fail;
597 84 : *pos = '\0';
598 84 : imsi = pos + 1;
599 84 : pos = os_strchr(imsi, ' ');
600 84 : if (pos == NULL)
601 0 : goto parse_fail;
602 84 : *pos = '\0';
603 84 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External response=%s for IMSI %s",
604 : cmd, imsi);
605 :
606 84 : if (os_strcmp(cmd, "SIM-RESP-AUTH") == 0)
607 34 : eap_sim_db_sim_resp_auth(data, imsi, pos + 1);
608 50 : else if (os_strcmp(cmd, "AKA-RESP-AUTH") == 0)
609 50 : eap_sim_db_aka_resp_auth(data, imsi, pos + 1);
610 : else
611 0 : wpa_printf(MSG_INFO, "EAP-SIM DB: Unknown external response "
612 : "'%s'", cmd);
613 84 : return;
614 :
615 : parse_fail:
616 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
617 : }
618 :
619 :
620 13 : static int eap_sim_db_open_socket(struct eap_sim_db_data *data)
621 : {
622 : struct sockaddr_un addr;
623 : static int counter = 0;
624 :
625 13 : if (os_strncmp(data->fname, "unix:", 5) != 0)
626 0 : return -1;
627 :
628 13 : data->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
629 13 : if (data->sock < 0) {
630 0 : wpa_printf(MSG_INFO, "socket(eap_sim_db): %s", strerror(errno));
631 0 : return -1;
632 : }
633 :
634 13 : os_memset(&addr, 0, sizeof(addr));
635 13 : addr.sun_family = AF_UNIX;
636 13 : os_snprintf(addr.sun_path, sizeof(addr.sun_path),
637 : "/tmp/eap_sim_db_%d-%d", getpid(), counter++);
638 13 : os_free(data->local_sock);
639 13 : data->local_sock = os_strdup(addr.sun_path);
640 13 : if (data->local_sock == NULL) {
641 0 : close(data->sock);
642 0 : data->sock = -1;
643 0 : return -1;
644 : }
645 13 : if (bind(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
646 0 : wpa_printf(MSG_INFO, "bind(eap_sim_db): %s", strerror(errno));
647 0 : close(data->sock);
648 0 : data->sock = -1;
649 0 : return -1;
650 : }
651 :
652 13 : os_memset(&addr, 0, sizeof(addr));
653 13 : addr.sun_family = AF_UNIX;
654 13 : os_strlcpy(addr.sun_path, data->fname + 5, sizeof(addr.sun_path));
655 13 : if (connect(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
656 0 : wpa_printf(MSG_INFO, "connect(eap_sim_db): %s",
657 0 : strerror(errno));
658 0 : wpa_hexdump_ascii(MSG_INFO, "HLR/AuC GW socket",
659 : (u8 *) addr.sun_path,
660 : os_strlen(addr.sun_path));
661 0 : close(data->sock);
662 0 : data->sock = -1;
663 0 : unlink(data->local_sock);
664 0 : os_free(data->local_sock);
665 0 : data->local_sock = NULL;
666 0 : return -1;
667 : }
668 :
669 13 : eloop_register_read_sock(data->sock, eap_sim_db_receive, data, NULL);
670 :
671 13 : return 0;
672 : }
673 :
674 :
675 13 : static void eap_sim_db_close_socket(struct eap_sim_db_data *data)
676 : {
677 13 : if (data->sock >= 0) {
678 13 : eloop_unregister_read_sock(data->sock);
679 13 : close(data->sock);
680 13 : data->sock = -1;
681 : }
682 13 : if (data->local_sock) {
683 13 : unlink(data->local_sock);
684 13 : os_free(data->local_sock);
685 13 : data->local_sock = NULL;
686 : }
687 13 : }
688 :
689 :
690 : /**
691 : * eap_sim_db_init - Initialize EAP-SIM DB / authentication gateway interface
692 : * @config: Configuration data (e.g., file name)
693 : * @get_complete_cb: Callback function for reporting availability of triplets
694 : * @ctx: Context pointer for get_complete_cb
695 : * Returns: Pointer to a private data structure or %NULL on failure
696 : */
697 : struct eap_sim_db_data *
698 13 : eap_sim_db_init(const char *config,
699 : void (*get_complete_cb)(void *ctx, void *session_ctx),
700 : void *ctx)
701 : {
702 : struct eap_sim_db_data *data;
703 : char *pos;
704 :
705 13 : data = os_zalloc(sizeof(*data));
706 13 : if (data == NULL)
707 0 : return NULL;
708 :
709 13 : data->sock = -1;
710 13 : data->get_complete_cb = get_complete_cb;
711 13 : data->ctx = ctx;
712 13 : data->fname = os_strdup(config);
713 13 : if (data->fname == NULL)
714 0 : goto fail;
715 13 : pos = os_strstr(data->fname, " db=");
716 13 : if (pos) {
717 5 : *pos = '\0';
718 : #ifdef CONFIG_SQLITE
719 5 : pos += 4;
720 5 : data->sqlite_db = db_open(pos);
721 5 : if (data->sqlite_db == NULL)
722 0 : goto fail;
723 : #endif /* CONFIG_SQLITE */
724 : }
725 :
726 13 : if (os_strncmp(data->fname, "unix:", 5) == 0) {
727 13 : if (eap_sim_db_open_socket(data)) {
728 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: External database "
729 : "connection not available - will retry "
730 : "later");
731 : }
732 : }
733 :
734 13 : return data;
735 :
736 : fail:
737 0 : eap_sim_db_close_socket(data);
738 0 : os_free(data->fname);
739 0 : os_free(data);
740 0 : return NULL;
741 : }
742 :
743 :
744 18 : static void eap_sim_db_free_pseudonym(struct eap_sim_pseudonym *p)
745 : {
746 18 : os_free(p->permanent);
747 18 : os_free(p->pseudonym);
748 18 : os_free(p);
749 18 : }
750 :
751 :
752 18 : static void eap_sim_db_free_reauth(struct eap_sim_reauth *r)
753 : {
754 18 : os_free(r->permanent);
755 18 : os_free(r->reauth_id);
756 18 : os_free(r);
757 18 : }
758 :
759 :
760 : /**
761 : * eap_sim_db_deinit - Deinitialize EAP-SIM DB/authentication gw interface
762 : * @priv: Private data pointer from eap_sim_db_init()
763 : */
764 13 : void eap_sim_db_deinit(void *priv)
765 : {
766 13 : struct eap_sim_db_data *data = priv;
767 : struct eap_sim_pseudonym *p, *prev;
768 : struct eap_sim_reauth *r, *prevr;
769 : struct eap_sim_db_pending *pending, *prev_pending;
770 :
771 : #ifdef CONFIG_SQLITE
772 13 : if (data->sqlite_db) {
773 5 : sqlite3_close(data->sqlite_db);
774 5 : data->sqlite_db = NULL;
775 : }
776 : #endif /* CONFIG_SQLITE */
777 :
778 13 : eap_sim_db_close_socket(data);
779 13 : os_free(data->fname);
780 :
781 13 : p = data->pseudonyms;
782 44 : while (p) {
783 18 : prev = p;
784 18 : p = p->next;
785 18 : eap_sim_db_free_pseudonym(prev);
786 : }
787 :
788 13 : r = data->reauths;
789 44 : while (r) {
790 18 : prevr = r;
791 18 : r = r->next;
792 18 : eap_sim_db_free_reauth(prevr);
793 : }
794 :
795 13 : pending = data->pending;
796 26 : while (pending) {
797 0 : prev_pending = pending;
798 0 : pending = pending->next;
799 0 : os_free(prev_pending);
800 : }
801 :
802 13 : os_free(data);
803 13 : }
804 :
805 :
806 89 : static int eap_sim_db_send(struct eap_sim_db_data *data, const char *msg,
807 : size_t len)
808 : {
809 89 : int _errno = 0;
810 :
811 89 : if (send(data->sock, msg, len, 0) < 0) {
812 0 : _errno = errno;
813 0 : wpa_printf(MSG_INFO, "send[EAP-SIM DB UNIX]: %s",
814 0 : strerror(errno));
815 : }
816 :
817 89 : if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL ||
818 : _errno == ECONNREFUSED) {
819 : /* Try to reconnect */
820 0 : eap_sim_db_close_socket(data);
821 0 : if (eap_sim_db_open_socket(data) < 0)
822 0 : return -1;
823 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Reconnected to the "
824 : "external server");
825 0 : if (send(data->sock, msg, len, 0) < 0) {
826 0 : wpa_printf(MSG_INFO, "send[EAP-SIM DB UNIX]: %s",
827 0 : strerror(errno));
828 0 : return -1;
829 : }
830 : }
831 :
832 89 : return 0;
833 : }
834 :
835 :
836 84 : static void eap_sim_db_expire_pending(struct eap_sim_db_data *data)
837 : {
838 : /* TODO: add limit for maximum length for pending list; remove latest
839 : * (i.e., last) entry from the list if the limit is reached; could also
840 : * use timeout to expire pending entries */
841 84 : }
842 :
843 :
844 : /**
845 : * eap_sim_db_get_gsm_triplets - Get GSM triplets
846 : * @data: Private data pointer from eap_sim_db_init()
847 : * @username: Permanent username (prefix | IMSI)
848 : * @max_chal: Maximum number of triplets
849 : * @_rand: Buffer for RAND values
850 : * @kc: Buffer for Kc values
851 : * @sres: Buffer for SRES values
852 : * @cb_session_ctx: Session callback context for get_complete_cb()
853 : * Returns: Number of triplets received (has to be less than or equal to
854 : * max_chal), -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not found), or
855 : * -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this case, the
856 : * callback function registered with eap_sim_db_init() will be called once the
857 : * results become available.
858 : *
859 : * When using an external server for GSM triplets, this function can always
860 : * start a request and return EAP_SIM_DB_PENDING immediately if authentication
861 : * triplets are not available. Once the triplets are received, callback
862 : * function registered with eap_sim_db_init() is called to notify EAP state
863 : * machine to reprocess the message. This eap_sim_db_get_gsm_triplets()
864 : * function will then be called again and the newly received triplets will then
865 : * be given to the caller.
866 : */
867 68 : int eap_sim_db_get_gsm_triplets(struct eap_sim_db_data *data,
868 : const char *username, int max_chal,
869 : u8 *_rand, u8 *kc, u8 *sres,
870 : void *cb_session_ctx)
871 : {
872 : struct eap_sim_db_pending *entry;
873 : int len, ret;
874 : char msg[40];
875 : const char *imsi;
876 : size_t imsi_len;
877 :
878 136 : if (username == NULL || username[0] != EAP_SIM_PERMANENT_PREFIX ||
879 136 : username[1] == '\0' || os_strlen(username) > sizeof(entry->imsi)) {
880 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
881 : username);
882 0 : return EAP_SIM_DB_FAILURE;
883 : }
884 68 : imsi = username + 1;
885 68 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get GSM triplets for IMSI '%s'",
886 : imsi);
887 :
888 68 : entry = eap_sim_db_get_pending(data, imsi, 0);
889 68 : if (entry) {
890 : int num_chal;
891 34 : if (entry->state == FAILURE) {
892 1 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
893 : "failure");
894 1 : os_free(entry);
895 1 : return EAP_SIM_DB_FAILURE;
896 : }
897 :
898 33 : if (entry->state == PENDING) {
899 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
900 : "still pending");
901 0 : eap_sim_db_add_pending(data, entry);
902 0 : return EAP_SIM_DB_PENDING;
903 : }
904 :
905 33 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
906 : "%d challenges", entry->u.sim.num_chal);
907 33 : num_chal = entry->u.sim.num_chal;
908 33 : if (num_chal > max_chal)
909 0 : num_chal = max_chal;
910 33 : os_memcpy(_rand, entry->u.sim.rand, num_chal * GSM_RAND_LEN);
911 33 : os_memcpy(sres, entry->u.sim.sres,
912 : num_chal * EAP_SIM_SRES_LEN);
913 33 : os_memcpy(kc, entry->u.sim.kc, num_chal * EAP_SIM_KC_LEN);
914 33 : os_free(entry);
915 33 : return num_chal;
916 : }
917 :
918 34 : if (data->sock < 0) {
919 0 : if (eap_sim_db_open_socket(data) < 0)
920 0 : return EAP_SIM_DB_FAILURE;
921 : }
922 :
923 34 : imsi_len = os_strlen(imsi);
924 34 : len = os_snprintf(msg, sizeof(msg), "SIM-REQ-AUTH ");
925 68 : if (os_snprintf_error(sizeof(msg), len) ||
926 34 : len + imsi_len >= sizeof(msg))
927 0 : return EAP_SIM_DB_FAILURE;
928 34 : os_memcpy(msg + len, imsi, imsi_len);
929 34 : len += imsi_len;
930 34 : ret = os_snprintf(msg + len, sizeof(msg) - len, " %d", max_chal);
931 34 : if (os_snprintf_error(sizeof(msg) - len, ret))
932 0 : return EAP_SIM_DB_FAILURE;
933 34 : len += ret;
934 :
935 34 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: requesting SIM authentication "
936 : "data for IMSI '%s'", imsi);
937 34 : if (eap_sim_db_send(data, msg, len) < 0)
938 0 : return EAP_SIM_DB_FAILURE;
939 :
940 34 : entry = os_zalloc(sizeof(*entry));
941 34 : if (entry == NULL)
942 0 : return EAP_SIM_DB_FAILURE;
943 :
944 34 : os_strlcpy(entry->imsi, imsi, sizeof(entry->imsi));
945 34 : entry->cb_session_ctx = cb_session_ctx;
946 34 : entry->state = PENDING;
947 34 : eap_sim_db_add_pending(data, entry);
948 34 : eap_sim_db_expire_pending(data);
949 :
950 34 : return EAP_SIM_DB_PENDING;
951 : }
952 :
953 :
954 184 : static char * eap_sim_db_get_next(struct eap_sim_db_data *data, char prefix)
955 : {
956 : char *id, *pos, *end;
957 : u8 buf[10];
958 :
959 184 : if (random_get_bytes(buf, sizeof(buf)))
960 0 : return NULL;
961 184 : id = os_malloc(sizeof(buf) * 2 + 2);
962 184 : if (id == NULL)
963 0 : return NULL;
964 :
965 184 : pos = id;
966 184 : end = id + sizeof(buf) * 2 + 2;
967 184 : *pos++ = prefix;
968 184 : wpa_snprintf_hex(pos, end - pos, buf, sizeof(buf));
969 :
970 184 : return id;
971 : }
972 :
973 :
974 : /**
975 : * eap_sim_db_get_next_pseudonym - EAP-SIM DB: Get next pseudonym
976 : * @data: Private data pointer from eap_sim_db_init()
977 : * @method: EAP method (SIM/AKA/AKA')
978 : * Returns: Next pseudonym (allocated string) or %NULL on failure
979 : *
980 : * This function is used to generate a pseudonym for EAP-SIM. The returned
981 : * pseudonym is not added to database at this point; it will need to be added
982 : * with eap_sim_db_add_pseudonym() once the authentication has been completed
983 : * successfully. Caller is responsible for freeing the returned buffer.
984 : */
985 83 : char * eap_sim_db_get_next_pseudonym(struct eap_sim_db_data *data,
986 : enum eap_sim_db_method method)
987 : {
988 83 : char prefix = EAP_SIM_REAUTH_ID_PREFIX;
989 :
990 83 : switch (method) {
991 : case EAP_SIM_DB_SIM:
992 33 : prefix = EAP_SIM_PSEUDONYM_PREFIX;
993 33 : break;
994 : case EAP_SIM_DB_AKA:
995 37 : prefix = EAP_AKA_PSEUDONYM_PREFIX;
996 37 : break;
997 : case EAP_SIM_DB_AKA_PRIME:
998 13 : prefix = EAP_AKA_PRIME_PSEUDONYM_PREFIX;
999 13 : break;
1000 : }
1001 :
1002 83 : return eap_sim_db_get_next(data, prefix);
1003 : }
1004 :
1005 :
1006 : /**
1007 : * eap_sim_db_get_next_reauth_id - EAP-SIM DB: Get next reauth_id
1008 : * @data: Private data pointer from eap_sim_db_init()
1009 : * @method: EAP method (SIM/AKA/AKA')
1010 : * Returns: Next reauth_id (allocated string) or %NULL on failure
1011 : *
1012 : * This function is used to generate a fast re-authentication identity for
1013 : * EAP-SIM. The returned reauth_id is not added to database at this point; it
1014 : * will need to be added with eap_sim_db_add_reauth() once the authentication
1015 : * has been completed successfully. Caller is responsible for freeing the
1016 : * returned buffer.
1017 : */
1018 101 : char * eap_sim_db_get_next_reauth_id(struct eap_sim_db_data *data,
1019 : enum eap_sim_db_method method)
1020 : {
1021 101 : char prefix = EAP_SIM_REAUTH_ID_PREFIX;
1022 :
1023 101 : switch (method) {
1024 : case EAP_SIM_DB_SIM:
1025 39 : prefix = EAP_SIM_REAUTH_ID_PREFIX;
1026 39 : break;
1027 : case EAP_SIM_DB_AKA:
1028 43 : prefix = EAP_AKA_REAUTH_ID_PREFIX;
1029 43 : break;
1030 : case EAP_SIM_DB_AKA_PRIME:
1031 19 : prefix = EAP_AKA_PRIME_REAUTH_ID_PREFIX;
1032 19 : break;
1033 : }
1034 :
1035 101 : return eap_sim_db_get_next(data, prefix);
1036 : }
1037 :
1038 :
1039 : /**
1040 : * eap_sim_db_add_pseudonym - EAP-SIM DB: Add new pseudonym
1041 : * @data: Private data pointer from eap_sim_db_init()
1042 : * @permanent: Permanent username
1043 : * @pseudonym: Pseudonym for this user. This needs to be an allocated buffer,
1044 : * e.g., return value from eap_sim_db_get_next_pseudonym(). Caller must not
1045 : * free it.
1046 : * Returns: 0 on success, -1 on failure
1047 : *
1048 : * This function adds a new pseudonym for EAP-SIM user. EAP-SIM DB is
1049 : * responsible of freeing pseudonym buffer once it is not needed anymore.
1050 : */
1051 47 : int eap_sim_db_add_pseudonym(struct eap_sim_db_data *data,
1052 : const char *permanent, char *pseudonym)
1053 : {
1054 : struct eap_sim_pseudonym *p;
1055 47 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add pseudonym '%s' for permanent "
1056 : "username '%s'", pseudonym, permanent);
1057 :
1058 : /* TODO: could store last two pseudonyms */
1059 : #ifdef CONFIG_SQLITE
1060 47 : if (data->sqlite_db)
1061 18 : return db_add_pseudonym(data, permanent, pseudonym);
1062 : #endif /* CONFIG_SQLITE */
1063 60 : for (p = data->pseudonyms; p; p = p->next) {
1064 42 : if (os_strcmp(permanent, p->permanent) == 0)
1065 11 : break;
1066 : }
1067 29 : if (p) {
1068 11 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous "
1069 : "pseudonym: %s", p->pseudonym);
1070 11 : os_free(p->pseudonym);
1071 11 : p->pseudonym = pseudonym;
1072 11 : return 0;
1073 : }
1074 :
1075 18 : p = os_zalloc(sizeof(*p));
1076 18 : if (p == NULL) {
1077 0 : os_free(pseudonym);
1078 0 : return -1;
1079 : }
1080 :
1081 18 : p->next = data->pseudonyms;
1082 18 : p->permanent = os_strdup(permanent);
1083 18 : if (p->permanent == NULL) {
1084 0 : os_free(p);
1085 0 : os_free(pseudonym);
1086 0 : return -1;
1087 : }
1088 18 : p->pseudonym = pseudonym;
1089 18 : data->pseudonyms = p;
1090 :
1091 18 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new pseudonym entry");
1092 18 : return 0;
1093 : }
1094 :
1095 :
1096 : static struct eap_sim_reauth *
1097 35 : eap_sim_db_add_reauth_data(struct eap_sim_db_data *data,
1098 : const char *permanent,
1099 : char *reauth_id, u16 counter)
1100 : {
1101 : struct eap_sim_reauth *r;
1102 :
1103 66 : for (r = data->reauths; r; r = r->next) {
1104 48 : if (os_strcmp(r->permanent, permanent) == 0)
1105 17 : break;
1106 : }
1107 :
1108 35 : if (r) {
1109 17 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous "
1110 : "reauth_id: %s", r->reauth_id);
1111 17 : os_free(r->reauth_id);
1112 17 : r->reauth_id = reauth_id;
1113 : } else {
1114 18 : r = os_zalloc(sizeof(*r));
1115 18 : if (r == NULL) {
1116 0 : os_free(reauth_id);
1117 0 : return NULL;
1118 : }
1119 :
1120 18 : r->next = data->reauths;
1121 18 : r->permanent = os_strdup(permanent);
1122 18 : if (r->permanent == NULL) {
1123 0 : os_free(r);
1124 0 : os_free(reauth_id);
1125 0 : return NULL;
1126 : }
1127 18 : r->reauth_id = reauth_id;
1128 18 : data->reauths = r;
1129 18 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new reauth entry");
1130 : }
1131 :
1132 35 : r->counter = counter;
1133 :
1134 35 : return r;
1135 : }
1136 :
1137 :
1138 : /**
1139 : * eap_sim_db_add_reauth - EAP-SIM DB: Add new re-authentication entry
1140 : * @priv: Private data pointer from eap_sim_db_init()
1141 : * @permanent: Permanent username
1142 : * @identity_len: Length of identity
1143 : * @reauth_id: reauth_id for this user. This needs to be an allocated buffer,
1144 : * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not
1145 : * free it.
1146 : * @counter: AT_COUNTER value for fast re-authentication
1147 : * @mk: 16-byte MK from the previous full authentication or %NULL
1148 : * Returns: 0 on success, -1 on failure
1149 : *
1150 : * This function adds a new re-authentication entry for an EAP-SIM user.
1151 : * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed
1152 : * anymore.
1153 : */
1154 43 : int eap_sim_db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
1155 : char *reauth_id, u16 counter, const u8 *mk)
1156 : {
1157 : struct eap_sim_reauth *r;
1158 :
1159 43 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add reauth_id '%s' for permanent "
1160 : "identity '%s'", reauth_id, permanent);
1161 :
1162 : #ifdef CONFIG_SQLITE
1163 43 : if (data->sqlite_db)
1164 16 : return db_add_reauth(data, permanent, reauth_id, counter, mk,
1165 : NULL, NULL, NULL);
1166 : #endif /* CONFIG_SQLITE */
1167 27 : r = eap_sim_db_add_reauth_data(data, permanent, reauth_id, counter);
1168 27 : if (r == NULL)
1169 0 : return -1;
1170 :
1171 27 : os_memcpy(r->mk, mk, EAP_SIM_MK_LEN);
1172 :
1173 27 : return 0;
1174 : }
1175 :
1176 :
1177 : #ifdef EAP_SERVER_AKA_PRIME
1178 : /**
1179 : * eap_sim_db_add_reauth_prime - EAP-AKA' DB: Add new re-authentication entry
1180 : * @data: Private data pointer from eap_sim_db_init()
1181 : * @permanent: Permanent username
1182 : * @reauth_id: reauth_id for this user. This needs to be an allocated buffer,
1183 : * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not
1184 : * free it.
1185 : * @counter: AT_COUNTER value for fast re-authentication
1186 : * @k_encr: K_encr from the previous full authentication
1187 : * @k_aut: K_aut from the previous full authentication
1188 : * @k_re: 32-byte K_re from the previous full authentication
1189 : * Returns: 0 on success, -1 on failure
1190 : *
1191 : * This function adds a new re-authentication entry for an EAP-AKA' user.
1192 : * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed
1193 : * anymore.
1194 : */
1195 16 : int eap_sim_db_add_reauth_prime(struct eap_sim_db_data *data,
1196 : const char *permanent, char *reauth_id,
1197 : u16 counter, const u8 *k_encr,
1198 : const u8 *k_aut, const u8 *k_re)
1199 : {
1200 : struct eap_sim_reauth *r;
1201 :
1202 16 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add reauth_id '%s' for permanent "
1203 : "identity '%s'", reauth_id, permanent);
1204 :
1205 : #ifdef CONFIG_SQLITE
1206 16 : if (data->sqlite_db)
1207 8 : return db_add_reauth(data, permanent, reauth_id, counter, NULL,
1208 : k_encr, k_aut, k_re);
1209 : #endif /* CONFIG_SQLITE */
1210 8 : r = eap_sim_db_add_reauth_data(data, permanent, reauth_id, counter);
1211 8 : if (r == NULL)
1212 0 : return -1;
1213 :
1214 8 : os_memcpy(r->k_encr, k_encr, EAP_SIM_K_ENCR_LEN);
1215 8 : os_memcpy(r->k_aut, k_aut, EAP_AKA_PRIME_K_AUT_LEN);
1216 8 : os_memcpy(r->k_re, k_re, EAP_AKA_PRIME_K_RE_LEN);
1217 :
1218 8 : return 0;
1219 : }
1220 : #endif /* EAP_SERVER_AKA_PRIME */
1221 :
1222 :
1223 : /**
1224 : * eap_sim_db_get_permanent - EAP-SIM DB: Get permanent identity
1225 : * @data: Private data pointer from eap_sim_db_init()
1226 : * @pseudonym: Pseudonym username
1227 : * Returns: Pointer to permanent username or %NULL if not found
1228 : */
1229 : const char *
1230 12 : eap_sim_db_get_permanent(struct eap_sim_db_data *data, const char *pseudonym)
1231 : {
1232 : struct eap_sim_pseudonym *p;
1233 :
1234 : #ifdef CONFIG_SQLITE
1235 12 : if (data->sqlite_db)
1236 9 : return db_get_pseudonym(data, pseudonym);
1237 : #endif /* CONFIG_SQLITE */
1238 :
1239 3 : p = data->pseudonyms;
1240 9 : while (p) {
1241 3 : if (os_strcmp(p->pseudonym, pseudonym) == 0)
1242 0 : return p->permanent;
1243 3 : p = p->next;
1244 : }
1245 :
1246 3 : return NULL;
1247 : }
1248 :
1249 :
1250 : /**
1251 : * eap_sim_db_get_reauth_entry - EAP-SIM DB: Get re-authentication entry
1252 : * @data: Private data pointer from eap_sim_db_init()
1253 : * @reauth_id: Fast re-authentication username
1254 : * Returns: Pointer to the re-auth entry, or %NULL if not found
1255 : */
1256 : struct eap_sim_reauth *
1257 31 : eap_sim_db_get_reauth_entry(struct eap_sim_db_data *data,
1258 : const char *reauth_id)
1259 : {
1260 : struct eap_sim_reauth *r;
1261 :
1262 : #ifdef CONFIG_SQLITE
1263 31 : if (data->sqlite_db)
1264 25 : return db_get_reauth(data, reauth_id);
1265 : #endif /* CONFIG_SQLITE */
1266 :
1267 6 : r = data->reauths;
1268 12 : while (r) {
1269 6 : if (os_strcmp(r->reauth_id, reauth_id) == 0)
1270 6 : break;
1271 0 : r = r->next;
1272 : }
1273 :
1274 6 : return r;
1275 : }
1276 :
1277 :
1278 : /**
1279 : * eap_sim_db_remove_reauth - EAP-SIM DB: Remove re-authentication entry
1280 : * @data: Private data pointer from eap_sim_db_init()
1281 : * @reauth: Pointer to re-authentication entry from
1282 : * eap_sim_db_get_reauth_entry()
1283 : */
1284 3 : void eap_sim_db_remove_reauth(struct eap_sim_db_data *data,
1285 : struct eap_sim_reauth *reauth)
1286 : {
1287 3 : struct eap_sim_reauth *r, *prev = NULL;
1288 : #ifdef CONFIG_SQLITE
1289 3 : if (data->sqlite_db) {
1290 3 : db_remove_reauth(data, reauth);
1291 3 : return;
1292 : }
1293 : #endif /* CONFIG_SQLITE */
1294 0 : r = data->reauths;
1295 0 : while (r) {
1296 0 : if (r == reauth) {
1297 0 : if (prev)
1298 0 : prev->next = r->next;
1299 : else
1300 0 : data->reauths = r->next;
1301 0 : eap_sim_db_free_reauth(r);
1302 0 : return;
1303 : }
1304 0 : prev = r;
1305 0 : r = r->next;
1306 : }
1307 : }
1308 :
1309 :
1310 : /**
1311 : * eap_sim_db_get_aka_auth - Get AKA authentication values
1312 : * @data: Private data pointer from eap_sim_db_init()
1313 : * @username: Permanent username (prefix | IMSI)
1314 : * @_rand: Buffer for RAND value
1315 : * @autn: Buffer for AUTN value
1316 : * @ik: Buffer for IK value
1317 : * @ck: Buffer for CK value
1318 : * @res: Buffer for RES value
1319 : * @res_len: Buffer for RES length
1320 : * @cb_session_ctx: Session callback context for get_complete_cb()
1321 : * Returns: 0 on success, -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not
1322 : * found), or -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this
1323 : * case, the callback function registered with eap_sim_db_init() will be
1324 : * called once the results become available.
1325 : *
1326 : * When using an external server for AKA authentication, this function can
1327 : * always start a request and return EAP_SIM_DB_PENDING immediately if
1328 : * authentication triplets are not available. Once the authentication data are
1329 : * received, callback function registered with eap_sim_db_init() is called to
1330 : * notify EAP state machine to reprocess the message. This
1331 : * eap_sim_db_get_aka_auth() function will then be called again and the newly
1332 : * received triplets will then be given to the caller.
1333 : */
1334 100 : int eap_sim_db_get_aka_auth(struct eap_sim_db_data *data, const char *username,
1335 : u8 *_rand, u8 *autn, u8 *ik, u8 *ck,
1336 : u8 *res, size_t *res_len, void *cb_session_ctx)
1337 : {
1338 : struct eap_sim_db_pending *entry;
1339 : int len;
1340 : char msg[40];
1341 : const char *imsi;
1342 : size_t imsi_len;
1343 :
1344 200 : if (username == NULL ||
1345 126 : (username[0] != EAP_AKA_PERMANENT_PREFIX &&
1346 126 : username[0] != EAP_AKA_PRIME_PERMANENT_PREFIX) ||
1347 200 : username[1] == '\0' || os_strlen(username) > sizeof(entry->imsi)) {
1348 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
1349 : username);
1350 0 : return EAP_SIM_DB_FAILURE;
1351 : }
1352 100 : imsi = username + 1;
1353 100 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI '%s'",
1354 : imsi);
1355 :
1356 100 : entry = eap_sim_db_get_pending(data, imsi, 1);
1357 100 : if (entry) {
1358 50 : if (entry->state == FAILURE) {
1359 0 : os_free(entry);
1360 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failure");
1361 0 : return EAP_SIM_DB_FAILURE;
1362 : }
1363 :
1364 50 : if (entry->state == PENDING) {
1365 0 : eap_sim_db_add_pending(data, entry);
1366 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending");
1367 0 : return EAP_SIM_DB_PENDING;
1368 : }
1369 :
1370 50 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Returning successfully "
1371 : "received authentication data");
1372 50 : os_memcpy(_rand, entry->u.aka.rand, EAP_AKA_RAND_LEN);
1373 50 : os_memcpy(autn, entry->u.aka.autn, EAP_AKA_AUTN_LEN);
1374 50 : os_memcpy(ik, entry->u.aka.ik, EAP_AKA_IK_LEN);
1375 50 : os_memcpy(ck, entry->u.aka.ck, EAP_AKA_CK_LEN);
1376 50 : os_memcpy(res, entry->u.aka.res, EAP_AKA_RES_MAX_LEN);
1377 50 : *res_len = entry->u.aka.res_len;
1378 50 : os_free(entry);
1379 50 : return 0;
1380 : }
1381 :
1382 50 : if (data->sock < 0) {
1383 0 : if (eap_sim_db_open_socket(data) < 0)
1384 0 : return EAP_SIM_DB_FAILURE;
1385 : }
1386 :
1387 50 : imsi_len = os_strlen(imsi);
1388 50 : len = os_snprintf(msg, sizeof(msg), "AKA-REQ-AUTH ");
1389 100 : if (os_snprintf_error(sizeof(msg), len) ||
1390 50 : len + imsi_len >= sizeof(msg))
1391 0 : return EAP_SIM_DB_FAILURE;
1392 50 : os_memcpy(msg + len, imsi, imsi_len);
1393 50 : len += imsi_len;
1394 :
1395 50 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: requesting AKA authentication "
1396 : "data for IMSI '%s'", imsi);
1397 50 : if (eap_sim_db_send(data, msg, len) < 0)
1398 0 : return EAP_SIM_DB_FAILURE;
1399 :
1400 50 : entry = os_zalloc(sizeof(*entry));
1401 50 : if (entry == NULL)
1402 0 : return EAP_SIM_DB_FAILURE;
1403 :
1404 50 : entry->aka = 1;
1405 50 : os_strlcpy(entry->imsi, imsi, sizeof(entry->imsi));
1406 50 : entry->cb_session_ctx = cb_session_ctx;
1407 50 : entry->state = PENDING;
1408 50 : eap_sim_db_add_pending(data, entry);
1409 50 : eap_sim_db_expire_pending(data);
1410 :
1411 50 : return EAP_SIM_DB_PENDING;
1412 : }
1413 :
1414 :
1415 : /**
1416 : * eap_sim_db_resynchronize - Resynchronize AKA AUTN
1417 : * @data: Private data pointer from eap_sim_db_init()
1418 : * @username: Permanent username
1419 : * @auts: AUTS value from the peer
1420 : * @_rand: RAND value used in the rejected message
1421 : * Returns: 0 on success, -1 on failure
1422 : *
1423 : * This function is called when the peer reports synchronization failure in the
1424 : * AUTN value by sending AUTS. The AUTS and RAND values should be sent to
1425 : * HLR/AuC to allow it to resynchronize with the peer. After this,
1426 : * eap_sim_db_get_aka_auth() will be called again to to fetch updated
1427 : * RAND/AUTN values for the next challenge.
1428 : */
1429 5 : int eap_sim_db_resynchronize(struct eap_sim_db_data *data,
1430 : const char *username,
1431 : const u8 *auts, const u8 *_rand)
1432 : {
1433 : const char *imsi;
1434 : size_t imsi_len;
1435 :
1436 10 : if (username == NULL ||
1437 5 : (username[0] != EAP_AKA_PERMANENT_PREFIX &&
1438 5 : username[0] != EAP_AKA_PRIME_PERMANENT_PREFIX) ||
1439 10 : username[1] == '\0' || os_strlen(username) > 20) {
1440 0 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
1441 : username);
1442 0 : return -1;
1443 : }
1444 5 : imsi = username + 1;
1445 5 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI '%s'",
1446 : imsi);
1447 :
1448 5 : if (data->sock >= 0) {
1449 : char msg[100];
1450 : int len, ret;
1451 :
1452 5 : imsi_len = os_strlen(imsi);
1453 5 : len = os_snprintf(msg, sizeof(msg), "AKA-AUTS ");
1454 10 : if (os_snprintf_error(sizeof(msg), len) ||
1455 5 : len + imsi_len >= sizeof(msg))
1456 0 : return -1;
1457 5 : os_memcpy(msg + len, imsi, imsi_len);
1458 5 : len += imsi_len;
1459 :
1460 5 : ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
1461 5 : if (os_snprintf_error(sizeof(msg) - len, ret))
1462 0 : return -1;
1463 5 : len += ret;
1464 5 : len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
1465 : auts, EAP_AKA_AUTS_LEN);
1466 5 : ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
1467 5 : if (os_snprintf_error(sizeof(msg) - len, ret))
1468 0 : return -1;
1469 5 : len += ret;
1470 5 : len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
1471 : _rand, EAP_AKA_RAND_LEN);
1472 5 : wpa_printf(MSG_DEBUG, "EAP-SIM DB: reporting AKA AUTS for "
1473 : "IMSI '%s'", imsi);
1474 5 : if (eap_sim_db_send(data, msg, len) < 0)
1475 0 : return -1;
1476 : }
1477 :
1478 5 : return 0;
1479 : }
1480 :
1481 :
1482 : /**
1483 : * sim_get_username - Extract username from SIM identity
1484 : * @identity: Identity
1485 : * @identity_len: Identity length
1486 : * Returns: Allocated buffer with the username part of the identity
1487 : *
1488 : * Caller is responsible for freeing the returned buffer with os_free().
1489 : */
1490 227 : char * sim_get_username(const u8 *identity, size_t identity_len)
1491 : {
1492 : size_t pos;
1493 :
1494 227 : if (identity == NULL)
1495 0 : return NULL;
1496 :
1497 4031 : for (pos = 0; pos < identity_len; pos++) {
1498 3841 : if (identity[pos] == '@' || identity[pos] == '\0')
1499 : break;
1500 : }
1501 :
1502 227 : return dup_binstr(identity, pos);
1503 : }
|