xref: /freebsd/contrib/wpa/src/eap_server/eap_sim_db.c (revision 8d20be1e22095c27faf8fe8b2f0d089739cc742e)
1 /*
2  * hostapd / EAP-SIM database/authenticator gateway
3  * Copyright (c) 2005-2010, 2012, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This is an example implementation of the EAP-SIM/AKA database/authentication
9  * gateway interface that is using an external program as an SS7 gateway to
10  * GSM/UMTS authentication center (HLR/AuC). hlr_auc_gw is an example
11  * implementation of such a gateway program. This eap_sim_db.c takes care of
12  * EAP-SIM/AKA pseudonyms and re-auth identities. It can be used with different
13  * gateway implementations for HLR/AuC access. Alternatively, it can also be
14  * completely replaced if the in-memory database of pseudonyms/re-auth
15  * identities is not suitable for some cases.
16  */
17 
18 #include "includes.h"
19 #include <sys/un.h>
20 #ifdef CONFIG_SQLITE
21 #include <sqlite3.h>
22 #endif /* CONFIG_SQLITE */
23 
24 #include "common.h"
25 #include "crypto/random.h"
26 #include "eap_common/eap_sim_common.h"
27 #include "eap_server/eap_sim_db.h"
28 #include "eloop.h"
29 
30 struct eap_sim_pseudonym {
31 	struct eap_sim_pseudonym *next;
32 	char *permanent; /* permanent username */
33 	char *pseudonym; /* pseudonym username */
34 };
35 
36 struct eap_sim_db_pending {
37 	struct eap_sim_db_pending *next;
38 	char imsi[20];
39 	enum { PENDING, SUCCESS, FAILURE } state;
40 	void *cb_session_ctx;
41 	struct os_time timestamp;
42 	int aka;
43 	union {
44 		struct {
45 			u8 kc[EAP_SIM_MAX_CHAL][EAP_SIM_KC_LEN];
46 			u8 sres[EAP_SIM_MAX_CHAL][EAP_SIM_SRES_LEN];
47 			u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN];
48 			int num_chal;
49 		} sim;
50 		struct {
51 			u8 rand[EAP_AKA_RAND_LEN];
52 			u8 autn[EAP_AKA_AUTN_LEN];
53 			u8 ik[EAP_AKA_IK_LEN];
54 			u8 ck[EAP_AKA_CK_LEN];
55 			u8 res[EAP_AKA_RES_MAX_LEN];
56 			size_t res_len;
57 		} aka;
58 	} u;
59 };
60 
61 struct eap_sim_db_data {
62 	int sock;
63 	char *fname;
64 	char *local_sock;
65 	void (*get_complete_cb)(void *ctx, void *session_ctx);
66 	void *ctx;
67 	struct eap_sim_pseudonym *pseudonyms;
68 	struct eap_sim_reauth *reauths;
69 	struct eap_sim_db_pending *pending;
70 #ifdef CONFIG_SQLITE
71 	sqlite3 *sqlite_db;
72 	char db_tmp_identity[100];
73 	char db_tmp_pseudonym_str[100];
74 	struct eap_sim_pseudonym db_tmp_pseudonym;
75 	struct eap_sim_reauth db_tmp_reauth;
76 #endif /* CONFIG_SQLITE */
77 };
78 
79 
80 #ifdef CONFIG_SQLITE
81 
82 static int db_table_exists(sqlite3 *db, const char *name)
83 {
84 	char cmd[128];
85 	os_snprintf(cmd, sizeof(cmd), "SELECT 1 FROM %s;", name);
86 	return sqlite3_exec(db, cmd, NULL, NULL, NULL) == SQLITE_OK;
87 }
88 
89 
90 static int db_table_create_pseudonym(sqlite3 *db)
91 {
92 	char *err = NULL;
93 	const char *sql =
94 		"CREATE TABLE pseudonyms("
95 		"  permanent CHAR(21) PRIMARY KEY,"
96 		"  pseudonym CHAR(21) NOT NULL"
97 		");";
98 
99 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Adding database table for "
100 		   "pseudonym information");
101 	if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
102 		wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
103 		sqlite3_free(err);
104 		return -1;
105 	}
106 
107 	return 0;
108 }
109 
110 
111 static int db_table_create_reauth(sqlite3 *db)
112 {
113 	char *err = NULL;
114 	const char *sql =
115 		"CREATE TABLE reauth("
116 		"  permanent CHAR(21) PRIMARY KEY,"
117 		"  reauth_id CHAR(21) NOT NULL,"
118 		"  counter INTEGER,"
119 		"  mk CHAR(40),"
120 		"  k_encr CHAR(32),"
121 		"  k_aut CHAR(64),"
122 		"  k_re CHAR(64)"
123 		");";
124 
125 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Adding database table for "
126 		   "reauth information");
127 	if (sqlite3_exec(db, sql, NULL, NULL, &err) != SQLITE_OK) {
128 		wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
129 		sqlite3_free(err);
130 		return -1;
131 	}
132 
133 	return 0;
134 }
135 
136 
137 static sqlite3 * db_open(const char *db_file)
138 {
139 	sqlite3 *db;
140 
141 	if (sqlite3_open(db_file, &db)) {
142 		wpa_printf(MSG_ERROR, "EAP-SIM DB: Failed to open database "
143 			   "%s: %s", db_file, sqlite3_errmsg(db));
144 		sqlite3_close(db);
145 		return NULL;
146 	}
147 
148 	if (!db_table_exists(db, "pseudonyms") &&
149 	    db_table_create_pseudonym(db) < 0) {
150 		sqlite3_close(db);
151 		return NULL;
152 	}
153 
154 	if (!db_table_exists(db, "reauth") &&
155 	    db_table_create_reauth(db) < 0) {
156 		sqlite3_close(db);
157 		return NULL;
158 	}
159 
160 	return db;
161 }
162 
163 
164 static int valid_db_string(const char *str)
165 {
166 	const char *pos = str;
167 	while (*pos) {
168 		if ((*pos < '0' || *pos > '9') &&
169 		    (*pos < 'a' || *pos > 'f'))
170 			return 0;
171 		pos++;
172 	}
173 	return 1;
174 }
175 
176 
177 static int db_add_pseudonym(struct eap_sim_db_data *data,
178 			    const char *permanent, char *pseudonym)
179 {
180 	char cmd[128];
181 	char *err = NULL;
182 
183 	if (!valid_db_string(permanent) || !valid_db_string(pseudonym)) {
184 		os_free(pseudonym);
185 		return -1;
186 	}
187 
188 	os_snprintf(cmd, sizeof(cmd), "INSERT OR REPLACE INTO pseudonyms "
189 		    "(permanent, pseudonym) VALUES ('%s', '%s');",
190 		    permanent, pseudonym);
191 	os_free(pseudonym);
192 	if (sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, &err) != SQLITE_OK)
193 	{
194 		wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
195 		sqlite3_free(err);
196 		return -1;
197 	}
198 
199 	return 0;
200 }
201 
202 
203 static int get_pseudonym_cb(void *ctx, int argc, char *argv[], char *col[])
204 {
205 	struct eap_sim_db_data *data = ctx;
206 	int i;
207 
208 	for (i = 0; i < argc; i++) {
209 		if (os_strcmp(col[i], "permanent") == 0 && argv[i]) {
210 			os_strlcpy(data->db_tmp_identity, argv[i],
211 				   sizeof(data->db_tmp_identity));
212 		}
213 	}
214 
215 	return 0;
216 }
217 
218 
219 static char *
220 db_get_pseudonym(struct eap_sim_db_data *data, const char *pseudonym)
221 {
222 	char cmd[128];
223 
224 	if (!valid_db_string(pseudonym))
225 		return NULL;
226 	os_memset(&data->db_tmp_identity, 0, sizeof(data->db_tmp_identity));
227 	os_snprintf(cmd, sizeof(cmd),
228 		    "SELECT permanent FROM pseudonyms WHERE pseudonym='%s';",
229 		    pseudonym);
230 	if (sqlite3_exec(data->sqlite_db, cmd, get_pseudonym_cb, data, NULL) !=
231 	    SQLITE_OK)
232 		return NULL;
233 	if (data->db_tmp_identity[0] == '\0')
234 		return NULL;
235 	return data->db_tmp_identity;
236 }
237 
238 
239 static int db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
240 			 char *reauth_id, u16 counter, const u8 *mk,
241 			 const u8 *k_encr, const u8 *k_aut, const u8 *k_re)
242 {
243 	char cmd[2000], *pos, *end;
244 	char *err = NULL;
245 
246 	if (!valid_db_string(permanent) || !valid_db_string(reauth_id)) {
247 		os_free(reauth_id);
248 		return -1;
249 	}
250 
251 	pos = cmd;
252 	end = pos + sizeof(cmd);
253 	pos += os_snprintf(pos, end - pos, "INSERT OR REPLACE INTO reauth "
254 			   "(permanent, reauth_id, counter%s%s%s%s) "
255 			   "VALUES ('%s', '%s', %u",
256 			   mk ? ", mk" : "",
257 			   k_encr ? ", k_encr" : "",
258 			   k_aut ? ", k_aut" : "",
259 			   k_re ? ", k_re" : "",
260 			   permanent, reauth_id, counter);
261 	os_free(reauth_id);
262 
263 	if (mk) {
264 		pos += os_snprintf(pos, end - pos, ", '");
265 		pos += wpa_snprintf_hex(pos, end - pos, mk, EAP_SIM_MK_LEN);
266 		pos += os_snprintf(pos, end - pos, "'");
267 	}
268 
269 	if (k_encr) {
270 		pos += os_snprintf(pos, end - pos, ", '");
271 		pos += wpa_snprintf_hex(pos, end - pos, k_encr,
272 					EAP_SIM_K_ENCR_LEN);
273 		pos += os_snprintf(pos, end - pos, "'");
274 	}
275 
276 	if (k_aut) {
277 		pos += os_snprintf(pos, end - pos, ", '");
278 		pos += wpa_snprintf_hex(pos, end - pos, k_aut,
279 					EAP_AKA_PRIME_K_AUT_LEN);
280 		pos += os_snprintf(pos, end - pos, "'");
281 	}
282 
283 	if (k_re) {
284 		pos += os_snprintf(pos, end - pos, ", '");
285 		pos += wpa_snprintf_hex(pos, end - pos, k_re,
286 					EAP_AKA_PRIME_K_RE_LEN);
287 		pos += os_snprintf(pos, end - pos, "'");
288 	}
289 
290 	os_snprintf(pos, end - pos, ");");
291 
292 	if (sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, &err) != SQLITE_OK)
293 	{
294 		wpa_printf(MSG_ERROR, "EAP-SIM DB: SQLite error: %s", err);
295 		sqlite3_free(err);
296 		return -1;
297 	}
298 
299 	return 0;
300 }
301 
302 
303 static int get_reauth_cb(void *ctx, int argc, char *argv[], char *col[])
304 {
305 	struct eap_sim_db_data *data = ctx;
306 	int i;
307 	struct eap_sim_reauth *reauth = &data->db_tmp_reauth;
308 
309 	for (i = 0; i < argc; i++) {
310 		if (os_strcmp(col[i], "permanent") == 0 && argv[i]) {
311 			os_strlcpy(data->db_tmp_identity, argv[i],
312 				   sizeof(data->db_tmp_identity));
313 			reauth->permanent = data->db_tmp_identity;
314 		} else if (os_strcmp(col[i], "counter") == 0 && argv[i]) {
315 			reauth->counter = atoi(argv[i]);
316 		} else if (os_strcmp(col[i], "mk") == 0 && argv[i]) {
317 			hexstr2bin(argv[i], reauth->mk, sizeof(reauth->mk));
318 		} else if (os_strcmp(col[i], "k_encr") == 0 && argv[i]) {
319 			hexstr2bin(argv[i], reauth->k_encr,
320 				   sizeof(reauth->k_encr));
321 		} else if (os_strcmp(col[i], "k_aut") == 0 && argv[i]) {
322 			hexstr2bin(argv[i], reauth->k_aut,
323 				   sizeof(reauth->k_aut));
324 		} else if (os_strcmp(col[i], "k_re") == 0 && argv[i]) {
325 			hexstr2bin(argv[i], reauth->k_re,
326 				   sizeof(reauth->k_re));
327 		}
328 	}
329 
330 	return 0;
331 }
332 
333 
334 static struct eap_sim_reauth *
335 db_get_reauth(struct eap_sim_db_data *data, const char *reauth_id)
336 {
337 	char cmd[256];
338 
339 	if (!valid_db_string(reauth_id))
340 		return NULL;
341 	os_memset(&data->db_tmp_reauth, 0, sizeof(data->db_tmp_reauth));
342 	os_strlcpy(data->db_tmp_pseudonym_str, reauth_id,
343 		   sizeof(data->db_tmp_pseudonym_str));
344 	data->db_tmp_reauth.reauth_id = data->db_tmp_pseudonym_str;
345 	os_snprintf(cmd, sizeof(cmd),
346 		    "SELECT * FROM reauth WHERE reauth_id='%s';", reauth_id);
347 	if (sqlite3_exec(data->sqlite_db, cmd, get_reauth_cb, data, NULL) !=
348 	    SQLITE_OK)
349 		return NULL;
350 	if (data->db_tmp_reauth.permanent == NULL)
351 		return NULL;
352 	return &data->db_tmp_reauth;
353 }
354 
355 
356 static void db_remove_reauth(struct eap_sim_db_data *data,
357 			     struct eap_sim_reauth *reauth)
358 {
359 	char cmd[256];
360 
361 	if (!valid_db_string(reauth->permanent))
362 		return;
363 	os_snprintf(cmd, sizeof(cmd),
364 		    "DELETE FROM reauth WHERE permanent='%s';",
365 		    reauth->permanent);
366 	sqlite3_exec(data->sqlite_db, cmd, NULL, NULL, NULL);
367 }
368 
369 #endif /* CONFIG_SQLITE */
370 
371 
372 static struct eap_sim_db_pending *
373 eap_sim_db_get_pending(struct eap_sim_db_data *data, const char *imsi, int aka)
374 {
375 	struct eap_sim_db_pending *entry, *prev = NULL;
376 
377 	entry = data->pending;
378 	while (entry) {
379 		if (entry->aka == aka && os_strcmp(entry->imsi, imsi) == 0) {
380 			if (prev)
381 				prev->next = entry->next;
382 			else
383 				data->pending = entry->next;
384 			break;
385 		}
386 		prev = entry;
387 		entry = entry->next;
388 	}
389 	return entry;
390 }
391 
392 
393 static void eap_sim_db_add_pending(struct eap_sim_db_data *data,
394 				   struct eap_sim_db_pending *entry)
395 {
396 	entry->next = data->pending;
397 	data->pending = entry;
398 }
399 
400 
401 static void eap_sim_db_sim_resp_auth(struct eap_sim_db_data *data,
402 				     const char *imsi, char *buf)
403 {
404 	char *start, *end, *pos;
405 	struct eap_sim_db_pending *entry;
406 	int num_chal;
407 
408 	/*
409 	 * SIM-RESP-AUTH <IMSI> Kc(i):SRES(i):RAND(i) ...
410 	 * SIM-RESP-AUTH <IMSI> FAILURE
411 	 * (IMSI = ASCII string, Kc/SRES/RAND = hex string)
412 	 */
413 
414 	entry = eap_sim_db_get_pending(data, imsi, 0);
415 	if (entry == NULL) {
416 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the "
417 			   "received message found");
418 		return;
419 	}
420 
421 	start = buf;
422 	if (os_strncmp(start, "FAILURE", 7) == 0) {
423 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported "
424 			   "failure");
425 		entry->state = FAILURE;
426 		eap_sim_db_add_pending(data, entry);
427 		data->get_complete_cb(data->ctx, entry->cb_session_ctx);
428 		return;
429 	}
430 
431 	num_chal = 0;
432 	while (num_chal < EAP_SIM_MAX_CHAL) {
433 		end = os_strchr(start, ' ');
434 		if (end)
435 			*end = '\0';
436 
437 		pos = os_strchr(start, ':');
438 		if (pos == NULL)
439 			goto parse_fail;
440 		*pos = '\0';
441 		if (hexstr2bin(start, entry->u.sim.kc[num_chal],
442 			       EAP_SIM_KC_LEN))
443 			goto parse_fail;
444 
445 		start = pos + 1;
446 		pos = os_strchr(start, ':');
447 		if (pos == NULL)
448 			goto parse_fail;
449 		*pos = '\0';
450 		if (hexstr2bin(start, entry->u.sim.sres[num_chal],
451 			       EAP_SIM_SRES_LEN))
452 			goto parse_fail;
453 
454 		start = pos + 1;
455 		if (hexstr2bin(start, entry->u.sim.rand[num_chal],
456 			       GSM_RAND_LEN))
457 			goto parse_fail;
458 
459 		num_chal++;
460 		if (end == NULL)
461 			break;
462 		else
463 			start = end + 1;
464 	}
465 	entry->u.sim.num_chal = num_chal;
466 
467 	entry->state = SUCCESS;
468 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed "
469 		   "successfully - callback");
470 	eap_sim_db_add_pending(data, entry);
471 	data->get_complete_cb(data->ctx, entry->cb_session_ctx);
472 	return;
473 
474 parse_fail:
475 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
476 	os_free(entry);
477 }
478 
479 
480 static void eap_sim_db_aka_resp_auth(struct eap_sim_db_data *data,
481 				     const char *imsi, char *buf)
482 {
483 	char *start, *end;
484 	struct eap_sim_db_pending *entry;
485 
486 	/*
487 	 * AKA-RESP-AUTH <IMSI> <RAND> <AUTN> <IK> <CK> <RES>
488 	 * AKA-RESP-AUTH <IMSI> FAILURE
489 	 * (IMSI = ASCII string, RAND/AUTN/IK/CK/RES = hex string)
490 	 */
491 
492 	entry = eap_sim_db_get_pending(data, imsi, 1);
493 	if (entry == NULL) {
494 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the "
495 			   "received message found");
496 		return;
497 	}
498 
499 	start = buf;
500 	if (os_strncmp(start, "FAILURE", 7) == 0) {
501 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported "
502 			   "failure");
503 		entry->state = FAILURE;
504 		eap_sim_db_add_pending(data, entry);
505 		data->get_complete_cb(data->ctx, entry->cb_session_ctx);
506 		return;
507 	}
508 
509 	end = os_strchr(start, ' ');
510 	if (end == NULL)
511 		goto parse_fail;
512 	*end = '\0';
513 	if (hexstr2bin(start, entry->u.aka.rand, EAP_AKA_RAND_LEN))
514 		goto parse_fail;
515 
516 	start = end + 1;
517 	end = os_strchr(start, ' ');
518 	if (end == NULL)
519 		goto parse_fail;
520 	*end = '\0';
521 	if (hexstr2bin(start, entry->u.aka.autn, EAP_AKA_AUTN_LEN))
522 		goto parse_fail;
523 
524 	start = end + 1;
525 	end = os_strchr(start, ' ');
526 	if (end == NULL)
527 		goto parse_fail;
528 	*end = '\0';
529 	if (hexstr2bin(start, entry->u.aka.ik, EAP_AKA_IK_LEN))
530 		goto parse_fail;
531 
532 	start = end + 1;
533 	end = os_strchr(start, ' ');
534 	if (end == NULL)
535 		goto parse_fail;
536 	*end = '\0';
537 	if (hexstr2bin(start, entry->u.aka.ck, EAP_AKA_CK_LEN))
538 		goto parse_fail;
539 
540 	start = end + 1;
541 	end = os_strchr(start, ' ');
542 	if (end)
543 		*end = '\0';
544 	else {
545 		end = start;
546 		while (*end)
547 			end++;
548 	}
549 	entry->u.aka.res_len = (end - start) / 2;
550 	if (entry->u.aka.res_len > EAP_AKA_RES_MAX_LEN) {
551 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Too long RES");
552 		entry->u.aka.res_len = 0;
553 		goto parse_fail;
554 	}
555 	if (hexstr2bin(start, entry->u.aka.res, entry->u.aka.res_len))
556 		goto parse_fail;
557 
558 	entry->state = SUCCESS;
559 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed "
560 		   "successfully - callback");
561 	eap_sim_db_add_pending(data, entry);
562 	data->get_complete_cb(data->ctx, entry->cb_session_ctx);
563 	return;
564 
565 parse_fail:
566 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
567 	os_free(entry);
568 }
569 
570 
571 static void eap_sim_db_receive(int sock, void *eloop_ctx, void *sock_ctx)
572 {
573 	struct eap_sim_db_data *data = eloop_ctx;
574 	char buf[1000], *pos, *cmd, *imsi;
575 	int res;
576 
577 	res = recv(sock, buf, sizeof(buf), 0);
578 	if (res < 0)
579 		return;
580 	wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-SIM DB: Received from an "
581 			      "external source", (u8 *) buf, res);
582 	if (res == 0)
583 		return;
584 	if (res >= (int) sizeof(buf))
585 		res = sizeof(buf) - 1;
586 	buf[res] = '\0';
587 
588 	if (data->get_complete_cb == NULL) {
589 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: No get_complete_cb "
590 			   "registered");
591 		return;
592 	}
593 
594 	/* <cmd> <IMSI> ... */
595 
596 	cmd = buf;
597 	pos = os_strchr(cmd, ' ');
598 	if (pos == NULL)
599 		goto parse_fail;
600 	*pos = '\0';
601 	imsi = pos + 1;
602 	pos = os_strchr(imsi, ' ');
603 	if (pos == NULL)
604 		goto parse_fail;
605 	*pos = '\0';
606 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: External response=%s for IMSI %s",
607 		   cmd, imsi);
608 
609 	if (os_strcmp(cmd, "SIM-RESP-AUTH") == 0)
610 		eap_sim_db_sim_resp_auth(data, imsi, pos + 1);
611 	else if (os_strcmp(cmd, "AKA-RESP-AUTH") == 0)
612 		eap_sim_db_aka_resp_auth(data, imsi, pos + 1);
613 	else
614 		wpa_printf(MSG_INFO, "EAP-SIM DB: Unknown external response "
615 			   "'%s'", cmd);
616 	return;
617 
618 parse_fail:
619 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string");
620 }
621 
622 
623 static int eap_sim_db_open_socket(struct eap_sim_db_data *data)
624 {
625 	struct sockaddr_un addr;
626 	static int counter = 0;
627 
628 	if (os_strncmp(data->fname, "unix:", 5) != 0)
629 		return -1;
630 
631 	data->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
632 	if (data->sock < 0) {
633 		perror("socket(eap_sim_db)");
634 		return -1;
635 	}
636 
637 	os_memset(&addr, 0, sizeof(addr));
638 	addr.sun_family = AF_UNIX;
639 	os_snprintf(addr.sun_path, sizeof(addr.sun_path),
640 		    "/tmp/eap_sim_db_%d-%d", getpid(), counter++);
641 	os_free(data->local_sock);
642 	data->local_sock = os_strdup(addr.sun_path);
643 	if (bind(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
644 		perror("bind(eap_sim_db)");
645 		close(data->sock);
646 		data->sock = -1;
647 		return -1;
648 	}
649 
650 	os_memset(&addr, 0, sizeof(addr));
651 	addr.sun_family = AF_UNIX;
652 	os_strlcpy(addr.sun_path, data->fname + 5, sizeof(addr.sun_path));
653 	if (connect(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
654 		perror("connect(eap_sim_db)");
655 		wpa_hexdump_ascii(MSG_INFO, "HLR/AuC GW socket",
656 				  (u8 *) addr.sun_path,
657 				  os_strlen(addr.sun_path));
658 		close(data->sock);
659 		data->sock = -1;
660 		return -1;
661 	}
662 
663 	eloop_register_read_sock(data->sock, eap_sim_db_receive, data, NULL);
664 
665 	return 0;
666 }
667 
668 
669 static void eap_sim_db_close_socket(struct eap_sim_db_data *data)
670 {
671 	if (data->sock >= 0) {
672 		eloop_unregister_read_sock(data->sock);
673 		close(data->sock);
674 		data->sock = -1;
675 	}
676 	if (data->local_sock) {
677 		unlink(data->local_sock);
678 		os_free(data->local_sock);
679 		data->local_sock = NULL;
680 	}
681 }
682 
683 
684 /**
685  * eap_sim_db_init - Initialize EAP-SIM DB / authentication gateway interface
686  * @config: Configuration data (e.g., file name)
687  * @get_complete_cb: Callback function for reporting availability of triplets
688  * @ctx: Context pointer for get_complete_cb
689  * Returns: Pointer to a private data structure or %NULL on failure
690  */
691 struct eap_sim_db_data *
692 eap_sim_db_init(const char *config,
693 		void (*get_complete_cb)(void *ctx, void *session_ctx),
694 		void *ctx)
695 {
696 	struct eap_sim_db_data *data;
697 	char *pos;
698 
699 	data = os_zalloc(sizeof(*data));
700 	if (data == NULL)
701 		return NULL;
702 
703 	data->sock = -1;
704 	data->get_complete_cb = get_complete_cb;
705 	data->ctx = ctx;
706 	data->fname = os_strdup(config);
707 	if (data->fname == NULL)
708 		goto fail;
709 	pos = os_strstr(data->fname, " db=");
710 	if (pos) {
711 		*pos = '\0';
712 #ifdef CONFIG_SQLITE
713 		pos += 4;
714 		data->sqlite_db = db_open(pos);
715 		if (data->sqlite_db == NULL)
716 			goto fail;
717 #endif /* CONFIG_SQLITE */
718 	}
719 
720 	if (os_strncmp(data->fname, "unix:", 5) == 0) {
721 		if (eap_sim_db_open_socket(data)) {
722 			wpa_printf(MSG_DEBUG, "EAP-SIM DB: External database "
723 				   "connection not available - will retry "
724 				   "later");
725 		}
726 	}
727 
728 	return data;
729 
730 fail:
731 	eap_sim_db_close_socket(data);
732 	os_free(data->fname);
733 	os_free(data);
734 	return NULL;
735 }
736 
737 
738 static void eap_sim_db_free_pseudonym(struct eap_sim_pseudonym *p)
739 {
740 	os_free(p->permanent);
741 	os_free(p->pseudonym);
742 	os_free(p);
743 }
744 
745 
746 static void eap_sim_db_free_reauth(struct eap_sim_reauth *r)
747 {
748 	os_free(r->permanent);
749 	os_free(r->reauth_id);
750 	os_free(r);
751 }
752 
753 
754 /**
755  * eap_sim_db_deinit - Deinitialize EAP-SIM DB/authentication gw interface
756  * @priv: Private data pointer from eap_sim_db_init()
757  */
758 void eap_sim_db_deinit(void *priv)
759 {
760 	struct eap_sim_db_data *data = priv;
761 	struct eap_sim_pseudonym *p, *prev;
762 	struct eap_sim_reauth *r, *prevr;
763 	struct eap_sim_db_pending *pending, *prev_pending;
764 
765 #ifdef CONFIG_SQLITE
766 	if (data->sqlite_db) {
767 		sqlite3_close(data->sqlite_db);
768 		data->sqlite_db = NULL;
769 	}
770 #endif /* CONFIG_SQLITE */
771 
772 	eap_sim_db_close_socket(data);
773 	os_free(data->fname);
774 
775 	p = data->pseudonyms;
776 	while (p) {
777 		prev = p;
778 		p = p->next;
779 		eap_sim_db_free_pseudonym(prev);
780 	}
781 
782 	r = data->reauths;
783 	while (r) {
784 		prevr = r;
785 		r = r->next;
786 		eap_sim_db_free_reauth(prevr);
787 	}
788 
789 	pending = data->pending;
790 	while (pending) {
791 		prev_pending = pending;
792 		pending = pending->next;
793 		os_free(prev_pending);
794 	}
795 
796 	os_free(data);
797 }
798 
799 
800 static int eap_sim_db_send(struct eap_sim_db_data *data, const char *msg,
801 			   size_t len)
802 {
803 	int _errno = 0;
804 
805 	if (send(data->sock, msg, len, 0) < 0) {
806 		_errno = errno;
807 		perror("send[EAP-SIM DB UNIX]");
808 	}
809 
810 	if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL ||
811 	    _errno == ECONNREFUSED) {
812 		/* Try to reconnect */
813 		eap_sim_db_close_socket(data);
814 		if (eap_sim_db_open_socket(data) < 0)
815 			return -1;
816 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Reconnected to the "
817 			   "external server");
818 		if (send(data->sock, msg, len, 0) < 0) {
819 			perror("send[EAP-SIM DB UNIX]");
820 			return -1;
821 		}
822 	}
823 
824 	return 0;
825 }
826 
827 
828 static void eap_sim_db_expire_pending(struct eap_sim_db_data *data)
829 {
830 	/* TODO: add limit for maximum length for pending list; remove latest
831 	 * (i.e., last) entry from the list if the limit is reached; could also
832 	 * use timeout to expire pending entries */
833 }
834 
835 
836 /**
837  * eap_sim_db_get_gsm_triplets - Get GSM triplets
838  * @data: Private data pointer from eap_sim_db_init()
839  * @username: Permanent username (prefix | IMSI)
840  * @max_chal: Maximum number of triplets
841  * @_rand: Buffer for RAND values
842  * @kc: Buffer for Kc values
843  * @sres: Buffer for SRES values
844  * @cb_session_ctx: Session callback context for get_complete_cb()
845  * Returns: Number of triplets received (has to be less than or equal to
846  * max_chal), -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not found), or
847  * -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this case, the
848  * callback function registered with eap_sim_db_init() will be called once the
849  * results become available.
850  *
851  * When using an external server for GSM triplets, this function can always
852  * start a request and return EAP_SIM_DB_PENDING immediately if authentication
853  * triplets are not available. Once the triplets are received, callback
854  * function registered with eap_sim_db_init() is called to notify EAP state
855  * machine to reprocess the message. This eap_sim_db_get_gsm_triplets()
856  * function will then be called again and the newly received triplets will then
857  * be given to the caller.
858  */
859 int eap_sim_db_get_gsm_triplets(struct eap_sim_db_data *data,
860 				const char *username, int max_chal,
861 				u8 *_rand, u8 *kc, u8 *sres,
862 				void *cb_session_ctx)
863 {
864 	struct eap_sim_db_pending *entry;
865 	int len, ret;
866 	char msg[40];
867 	const char *imsi;
868 	size_t imsi_len;
869 
870 	if (username == NULL || username[0] != EAP_SIM_PERMANENT_PREFIX ||
871 	    username[1] == '\0' || os_strlen(username) > sizeof(entry->imsi)) {
872 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
873 			   username);
874 		return EAP_SIM_DB_FAILURE;
875 	}
876 	imsi = username + 1;
877 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get GSM triplets for IMSI '%s'",
878 		   imsi);
879 
880 	entry = eap_sim_db_get_pending(data, imsi, 0);
881 	if (entry) {
882 		int num_chal;
883 		if (entry->state == FAILURE) {
884 			wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
885 				   "failure");
886 			os_free(entry);
887 			return EAP_SIM_DB_FAILURE;
888 		}
889 
890 		if (entry->state == PENDING) {
891 			wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
892 				   "still pending");
893 			eap_sim_db_add_pending(data, entry);
894 			return EAP_SIM_DB_PENDING;
895 		}
896 
897 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> "
898 			   "%d challenges", entry->u.sim.num_chal);
899 		num_chal = entry->u.sim.num_chal;
900 		if (num_chal > max_chal)
901 			num_chal = max_chal;
902 		os_memcpy(_rand, entry->u.sim.rand, num_chal * GSM_RAND_LEN);
903 		os_memcpy(sres, entry->u.sim.sres,
904 			  num_chal * EAP_SIM_SRES_LEN);
905 		os_memcpy(kc, entry->u.sim.kc, num_chal * EAP_SIM_KC_LEN);
906 		os_free(entry);
907 		return num_chal;
908 	}
909 
910 	if (data->sock < 0) {
911 		if (eap_sim_db_open_socket(data) < 0)
912 			return EAP_SIM_DB_FAILURE;
913 	}
914 
915 	imsi_len = os_strlen(imsi);
916 	len = os_snprintf(msg, sizeof(msg), "SIM-REQ-AUTH ");
917 	if (len < 0 || len + imsi_len >= sizeof(msg))
918 		return EAP_SIM_DB_FAILURE;
919 	os_memcpy(msg + len, imsi, imsi_len);
920 	len += imsi_len;
921 	ret = os_snprintf(msg + len, sizeof(msg) - len, " %d", max_chal);
922 	if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
923 		return EAP_SIM_DB_FAILURE;
924 	len += ret;
925 
926 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: requesting SIM authentication "
927 		   "data for IMSI '%s'", imsi);
928 	if (eap_sim_db_send(data, msg, len) < 0)
929 		return EAP_SIM_DB_FAILURE;
930 
931 	entry = os_zalloc(sizeof(*entry));
932 	if (entry == NULL)
933 		return EAP_SIM_DB_FAILURE;
934 
935 	os_get_time(&entry->timestamp);
936 	os_strlcpy(entry->imsi, imsi, sizeof(entry->imsi));
937 	entry->cb_session_ctx = cb_session_ctx;
938 	entry->state = PENDING;
939 	eap_sim_db_add_pending(data, entry);
940 	eap_sim_db_expire_pending(data);
941 
942 	return EAP_SIM_DB_PENDING;
943 }
944 
945 
946 static char * eap_sim_db_get_next(struct eap_sim_db_data *data, char prefix)
947 {
948 	char *id, *pos, *end;
949 	u8 buf[10];
950 
951 	if (random_get_bytes(buf, sizeof(buf)))
952 		return NULL;
953 	id = os_malloc(sizeof(buf) * 2 + 2);
954 	if (id == NULL)
955 		return NULL;
956 
957 	pos = id;
958 	end = id + sizeof(buf) * 2 + 2;
959 	*pos++ = prefix;
960 	pos += wpa_snprintf_hex(pos, end - pos, buf, sizeof(buf));
961 
962 	return id;
963 }
964 
965 
966 /**
967  * eap_sim_db_get_next_pseudonym - EAP-SIM DB: Get next pseudonym
968  * @data: Private data pointer from eap_sim_db_init()
969  * @method: EAP method (SIM/AKA/AKA')
970  * Returns: Next pseudonym (allocated string) or %NULL on failure
971  *
972  * This function is used to generate a pseudonym for EAP-SIM. The returned
973  * pseudonym is not added to database at this point; it will need to be added
974  * with eap_sim_db_add_pseudonym() once the authentication has been completed
975  * successfully. Caller is responsible for freeing the returned buffer.
976  */
977 char * eap_sim_db_get_next_pseudonym(struct eap_sim_db_data *data,
978 				     enum eap_sim_db_method method)
979 {
980 	char prefix = EAP_SIM_REAUTH_ID_PREFIX;
981 
982 	switch (method) {
983 	case EAP_SIM_DB_SIM:
984 		prefix = EAP_SIM_PSEUDONYM_PREFIX;
985 		break;
986 	case EAP_SIM_DB_AKA:
987 		prefix = EAP_AKA_PSEUDONYM_PREFIX;
988 		break;
989 	case EAP_SIM_DB_AKA_PRIME:
990 		prefix = EAP_AKA_PRIME_PSEUDONYM_PREFIX;
991 		break;
992 	}
993 
994 	return eap_sim_db_get_next(data, prefix);
995 }
996 
997 
998 /**
999  * eap_sim_db_get_next_reauth_id - EAP-SIM DB: Get next reauth_id
1000  * @data: Private data pointer from eap_sim_db_init()
1001  * @method: EAP method (SIM/AKA/AKA')
1002  * Returns: Next reauth_id (allocated string) or %NULL on failure
1003  *
1004  * This function is used to generate a fast re-authentication identity for
1005  * EAP-SIM. The returned reauth_id is not added to database at this point; it
1006  * will need to be added with eap_sim_db_add_reauth() once the authentication
1007  * has been completed successfully. Caller is responsible for freeing the
1008  * returned buffer.
1009  */
1010 char * eap_sim_db_get_next_reauth_id(struct eap_sim_db_data *data,
1011 				     enum eap_sim_db_method method)
1012 {
1013 	char prefix = EAP_SIM_REAUTH_ID_PREFIX;
1014 
1015 	switch (method) {
1016 	case EAP_SIM_DB_SIM:
1017 		prefix = EAP_SIM_REAUTH_ID_PREFIX;
1018 		break;
1019 	case EAP_SIM_DB_AKA:
1020 		prefix = EAP_AKA_REAUTH_ID_PREFIX;
1021 		break;
1022 	case EAP_SIM_DB_AKA_PRIME:
1023 		prefix = EAP_AKA_PRIME_REAUTH_ID_PREFIX;
1024 		break;
1025 	}
1026 
1027 	return eap_sim_db_get_next(data, prefix);
1028 }
1029 
1030 
1031 /**
1032  * eap_sim_db_add_pseudonym - EAP-SIM DB: Add new pseudonym
1033  * @data: Private data pointer from eap_sim_db_init()
1034  * @permanent: Permanent username
1035  * @pseudonym: Pseudonym for this user. This needs to be an allocated buffer,
1036  * e.g., return value from eap_sim_db_get_next_pseudonym(). Caller must not
1037  * free it.
1038  * Returns: 0 on success, -1 on failure
1039  *
1040  * This function adds a new pseudonym for EAP-SIM user. EAP-SIM DB is
1041  * responsible of freeing pseudonym buffer once it is not needed anymore.
1042  */
1043 int eap_sim_db_add_pseudonym(struct eap_sim_db_data *data,
1044 			     const char *permanent, char *pseudonym)
1045 {
1046 	struct eap_sim_pseudonym *p;
1047 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add pseudonym '%s' for permanent "
1048 		   "username '%s'", pseudonym, permanent);
1049 
1050 	/* TODO: could store last two pseudonyms */
1051 #ifdef CONFIG_SQLITE
1052 	if (data->sqlite_db)
1053 		return db_add_pseudonym(data, permanent, pseudonym);
1054 #endif /* CONFIG_SQLITE */
1055 	for (p = data->pseudonyms; p; p = p->next) {
1056 		if (os_strcmp(permanent, p->permanent) == 0)
1057 			break;
1058 	}
1059 	if (p) {
1060 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous "
1061 			   "pseudonym: %s", p->pseudonym);
1062 		os_free(p->pseudonym);
1063 		p->pseudonym = pseudonym;
1064 		return 0;
1065 	}
1066 
1067 	p = os_zalloc(sizeof(*p));
1068 	if (p == NULL) {
1069 		os_free(pseudonym);
1070 		return -1;
1071 	}
1072 
1073 	p->next = data->pseudonyms;
1074 	p->permanent = os_strdup(permanent);
1075 	if (p->permanent == NULL) {
1076 		os_free(p);
1077 		os_free(pseudonym);
1078 		return -1;
1079 	}
1080 	p->pseudonym = pseudonym;
1081 	data->pseudonyms = p;
1082 
1083 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new pseudonym entry");
1084 	return 0;
1085 }
1086 
1087 
1088 static struct eap_sim_reauth *
1089 eap_sim_db_add_reauth_data(struct eap_sim_db_data *data,
1090 			   const char *permanent,
1091 			   char *reauth_id, u16 counter)
1092 {
1093 	struct eap_sim_reauth *r;
1094 
1095 	for (r = data->reauths; r; r = r->next) {
1096 		if (os_strcmp(r->permanent, permanent) == 0)
1097 			break;
1098 	}
1099 
1100 	if (r) {
1101 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous "
1102 			   "reauth_id: %s", r->reauth_id);
1103 		os_free(r->reauth_id);
1104 		r->reauth_id = reauth_id;
1105 	} else {
1106 		r = os_zalloc(sizeof(*r));
1107 		if (r == NULL) {
1108 			os_free(reauth_id);
1109 			return NULL;
1110 		}
1111 
1112 		r->next = data->reauths;
1113 		r->permanent = os_strdup(permanent);
1114 		if (r->permanent == NULL) {
1115 			os_free(r);
1116 			os_free(reauth_id);
1117 			return NULL;
1118 		}
1119 		r->reauth_id = reauth_id;
1120 		data->reauths = r;
1121 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new reauth entry");
1122 	}
1123 
1124 	r->counter = counter;
1125 
1126 	return r;
1127 }
1128 
1129 
1130 /**
1131  * eap_sim_db_add_reauth - EAP-SIM DB: Add new re-authentication entry
1132  * @priv: Private data pointer from eap_sim_db_init()
1133  * @permanent: Permanent username
1134  * @identity_len: Length of identity
1135  * @reauth_id: reauth_id for this user. This needs to be an allocated buffer,
1136  * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not
1137  * free it.
1138  * @counter: AT_COUNTER value for fast re-authentication
1139  * @mk: 16-byte MK from the previous full authentication or %NULL
1140  * Returns: 0 on success, -1 on failure
1141  *
1142  * This function adds a new re-authentication entry for an EAP-SIM user.
1143  * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed
1144  * anymore.
1145  */
1146 int eap_sim_db_add_reauth(struct eap_sim_db_data *data, const char *permanent,
1147 			  char *reauth_id, u16 counter, const u8 *mk)
1148 {
1149 	struct eap_sim_reauth *r;
1150 
1151 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add reauth_id '%s' for permanent "
1152 		   "identity '%s'", reauth_id, permanent);
1153 
1154 #ifdef CONFIG_SQLITE
1155 	if (data->sqlite_db)
1156 		return db_add_reauth(data, permanent, reauth_id, counter, mk,
1157 				     NULL, NULL, NULL);
1158 #endif /* CONFIG_SQLITE */
1159 	r = eap_sim_db_add_reauth_data(data, permanent, reauth_id, counter);
1160 	if (r == NULL)
1161 		return -1;
1162 
1163 	os_memcpy(r->mk, mk, EAP_SIM_MK_LEN);
1164 
1165 	return 0;
1166 }
1167 
1168 
1169 #ifdef EAP_SERVER_AKA_PRIME
1170 /**
1171  * eap_sim_db_add_reauth_prime - EAP-AKA' DB: Add new re-authentication entry
1172  * @data: Private data pointer from eap_sim_db_init()
1173  * @permanent: Permanent username
1174  * @reauth_id: reauth_id for this user. This needs to be an allocated buffer,
1175  * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not
1176  * free it.
1177  * @counter: AT_COUNTER value for fast re-authentication
1178  * @k_encr: K_encr from the previous full authentication
1179  * @k_aut: K_aut from the previous full authentication
1180  * @k_re: 32-byte K_re from the previous full authentication
1181  * Returns: 0 on success, -1 on failure
1182  *
1183  * This function adds a new re-authentication entry for an EAP-AKA' user.
1184  * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed
1185  * anymore.
1186  */
1187 int eap_sim_db_add_reauth_prime(struct eap_sim_db_data *data,
1188 				const char *permanent, char *reauth_id,
1189 				u16 counter, const u8 *k_encr,
1190 				const u8 *k_aut, const u8 *k_re)
1191 {
1192 	struct eap_sim_reauth *r;
1193 
1194 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Add reauth_id '%s' for permanent "
1195 		   "identity '%s'", reauth_id, permanent);
1196 
1197 #ifdef CONFIG_SQLITE
1198 	if (data->sqlite_db)
1199 		return db_add_reauth(data, permanent, reauth_id, counter, NULL,
1200 				     k_encr, k_aut, k_re);
1201 #endif /* CONFIG_SQLITE */
1202 	r = eap_sim_db_add_reauth_data(data, permanent, reauth_id, counter);
1203 	if (r == NULL)
1204 		return -1;
1205 
1206 	os_memcpy(r->k_encr, k_encr, EAP_SIM_K_ENCR_LEN);
1207 	os_memcpy(r->k_aut, k_aut, EAP_AKA_PRIME_K_AUT_LEN);
1208 	os_memcpy(r->k_re, k_re, EAP_AKA_PRIME_K_RE_LEN);
1209 
1210 	return 0;
1211 }
1212 #endif /* EAP_SERVER_AKA_PRIME */
1213 
1214 
1215 /**
1216  * eap_sim_db_get_permanent - EAP-SIM DB: Get permanent identity
1217  * @data: Private data pointer from eap_sim_db_init()
1218  * @pseudonym: Pseudonym username
1219  * Returns: Pointer to permanent username or %NULL if not found
1220  */
1221 const char *
1222 eap_sim_db_get_permanent(struct eap_sim_db_data *data, const char *pseudonym)
1223 {
1224 	struct eap_sim_pseudonym *p;
1225 
1226 #ifdef CONFIG_SQLITE
1227 	if (data->sqlite_db)
1228 		return db_get_pseudonym(data, pseudonym);
1229 #endif /* CONFIG_SQLITE */
1230 
1231 	p = data->pseudonyms;
1232 	while (p) {
1233 		if (os_strcmp(p->pseudonym, pseudonym) == 0)
1234 			return p->permanent;
1235 		p = p->next;
1236 	}
1237 
1238 	return NULL;
1239 }
1240 
1241 
1242 /**
1243  * eap_sim_db_get_reauth_entry - EAP-SIM DB: Get re-authentication entry
1244  * @data: Private data pointer from eap_sim_db_init()
1245  * @reauth_id: Fast re-authentication username
1246  * Returns: Pointer to the re-auth entry, or %NULL if not found
1247  */
1248 struct eap_sim_reauth *
1249 eap_sim_db_get_reauth_entry(struct eap_sim_db_data *data,
1250 			    const char *reauth_id)
1251 {
1252 	struct eap_sim_reauth *r;
1253 
1254 #ifdef CONFIG_SQLITE
1255 	if (data->sqlite_db)
1256 		return db_get_reauth(data, reauth_id);
1257 #endif /* CONFIG_SQLITE */
1258 
1259 	r = data->reauths;
1260 	while (r) {
1261 		if (os_strcmp(r->reauth_id, reauth_id) == 0)
1262 			break;
1263 		r = r->next;
1264 	}
1265 
1266 	return r;
1267 }
1268 
1269 
1270 /**
1271  * eap_sim_db_remove_reauth - EAP-SIM DB: Remove re-authentication entry
1272  * @data: Private data pointer from eap_sim_db_init()
1273  * @reauth: Pointer to re-authentication entry from
1274  * eap_sim_db_get_reauth_entry()
1275  */
1276 void eap_sim_db_remove_reauth(struct eap_sim_db_data *data,
1277 			      struct eap_sim_reauth *reauth)
1278 {
1279 	struct eap_sim_reauth *r, *prev = NULL;
1280 #ifdef CONFIG_SQLITE
1281 	if (data->sqlite_db) {
1282 		db_remove_reauth(data, reauth);
1283 		return;
1284 	}
1285 #endif /* CONFIG_SQLITE */
1286 	r = data->reauths;
1287 	while (r) {
1288 		if (r == reauth) {
1289 			if (prev)
1290 				prev->next = r->next;
1291 			else
1292 				data->reauths = r->next;
1293 			eap_sim_db_free_reauth(r);
1294 			return;
1295 		}
1296 		prev = r;
1297 		r = r->next;
1298 	}
1299 }
1300 
1301 
1302 /**
1303  * eap_sim_db_get_aka_auth - Get AKA authentication values
1304  * @data: Private data pointer from eap_sim_db_init()
1305  * @username: Permanent username (prefix | IMSI)
1306  * @_rand: Buffer for RAND value
1307  * @autn: Buffer for AUTN value
1308  * @ik: Buffer for IK value
1309  * @ck: Buffer for CK value
1310  * @res: Buffer for RES value
1311  * @res_len: Buffer for RES length
1312  * @cb_session_ctx: Session callback context for get_complete_cb()
1313  * Returns: 0 on success, -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not
1314  * found), or -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this
1315  * case, the callback function registered with eap_sim_db_init() will be
1316  * called once the results become available.
1317  *
1318  * When using an external server for AKA authentication, this function can
1319  * always start a request and return EAP_SIM_DB_PENDING immediately if
1320  * authentication triplets are not available. Once the authentication data are
1321  * received, callback function registered with eap_sim_db_init() is called to
1322  * notify EAP state machine to reprocess the message. This
1323  * eap_sim_db_get_aka_auth() function will then be called again and the newly
1324  * received triplets will then be given to the caller.
1325  */
1326 int eap_sim_db_get_aka_auth(struct eap_sim_db_data *data, const char *username,
1327 			    u8 *_rand, u8 *autn, u8 *ik, u8 *ck,
1328 			    u8 *res, size_t *res_len, void *cb_session_ctx)
1329 {
1330 	struct eap_sim_db_pending *entry;
1331 	int len;
1332 	char msg[40];
1333 	const char *imsi;
1334 	size_t imsi_len;
1335 
1336 	if (username == NULL ||
1337 	    (username[0] != EAP_AKA_PERMANENT_PREFIX &&
1338 	     username[0] != EAP_AKA_PRIME_PERMANENT_PREFIX) ||
1339 	    username[1] == '\0' || os_strlen(username) > sizeof(entry->imsi)) {
1340 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
1341 			   username);
1342 		return EAP_SIM_DB_FAILURE;
1343 	}
1344 	imsi = username + 1;
1345 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI '%s'",
1346 		   imsi);
1347 
1348 	entry = eap_sim_db_get_pending(data, imsi, 1);
1349 	if (entry) {
1350 		if (entry->state == FAILURE) {
1351 			os_free(entry);
1352 			wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failure");
1353 			return EAP_SIM_DB_FAILURE;
1354 		}
1355 
1356 		if (entry->state == PENDING) {
1357 			eap_sim_db_add_pending(data, entry);
1358 			wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending");
1359 			return EAP_SIM_DB_PENDING;
1360 		}
1361 
1362 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: Returning successfully "
1363 			   "received authentication data");
1364 		os_memcpy(_rand, entry->u.aka.rand, EAP_AKA_RAND_LEN);
1365 		os_memcpy(autn, entry->u.aka.autn, EAP_AKA_AUTN_LEN);
1366 		os_memcpy(ik, entry->u.aka.ik, EAP_AKA_IK_LEN);
1367 		os_memcpy(ck, entry->u.aka.ck, EAP_AKA_CK_LEN);
1368 		os_memcpy(res, entry->u.aka.res, EAP_AKA_RES_MAX_LEN);
1369 		*res_len = entry->u.aka.res_len;
1370 		os_free(entry);
1371 		return 0;
1372 	}
1373 
1374 	if (data->sock < 0) {
1375 		if (eap_sim_db_open_socket(data) < 0)
1376 			return EAP_SIM_DB_FAILURE;
1377 	}
1378 
1379 	imsi_len = os_strlen(imsi);
1380 	len = os_snprintf(msg, sizeof(msg), "AKA-REQ-AUTH ");
1381 	if (len < 0 || len + imsi_len >= sizeof(msg))
1382 		return EAP_SIM_DB_FAILURE;
1383 	os_memcpy(msg + len, imsi, imsi_len);
1384 	len += imsi_len;
1385 
1386 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: requesting AKA authentication "
1387 		    "data for IMSI '%s'", imsi);
1388 	if (eap_sim_db_send(data, msg, len) < 0)
1389 		return EAP_SIM_DB_FAILURE;
1390 
1391 	entry = os_zalloc(sizeof(*entry));
1392 	if (entry == NULL)
1393 		return EAP_SIM_DB_FAILURE;
1394 
1395 	os_get_time(&entry->timestamp);
1396 	entry->aka = 1;
1397 	os_strlcpy(entry->imsi, imsi, sizeof(entry->imsi));
1398 	entry->cb_session_ctx = cb_session_ctx;
1399 	entry->state = PENDING;
1400 	eap_sim_db_add_pending(data, entry);
1401 	eap_sim_db_expire_pending(data);
1402 
1403 	return EAP_SIM_DB_PENDING;
1404 }
1405 
1406 
1407 /**
1408  * eap_sim_db_resynchronize - Resynchronize AKA AUTN
1409  * @data: Private data pointer from eap_sim_db_init()
1410  * @username: Permanent username
1411  * @auts: AUTS value from the peer
1412  * @_rand: RAND value used in the rejected message
1413  * Returns: 0 on success, -1 on failure
1414  *
1415  * This function is called when the peer reports synchronization failure in the
1416  * AUTN value by sending AUTS. The AUTS and RAND values should be sent to
1417  * HLR/AuC to allow it to resynchronize with the peer. After this,
1418  * eap_sim_db_get_aka_auth() will be called again to to fetch updated
1419  * RAND/AUTN values for the next challenge.
1420  */
1421 int eap_sim_db_resynchronize(struct eap_sim_db_data *data,
1422 			     const char *username,
1423 			     const u8 *auts, const u8 *_rand)
1424 {
1425 	const char *imsi;
1426 	size_t imsi_len;
1427 
1428 	if (username == NULL ||
1429 	    (username[0] != EAP_AKA_PERMANENT_PREFIX &&
1430 	     username[0] != EAP_AKA_PRIME_PERMANENT_PREFIX) ||
1431 	    username[1] == '\0' || os_strlen(username) > 20) {
1432 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: unexpected username '%s'",
1433 			   username);
1434 		return -1;
1435 	}
1436 	imsi = username + 1;
1437 	wpa_printf(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI '%s'",
1438 		   imsi);
1439 
1440 	if (data->sock >= 0) {
1441 		char msg[100];
1442 		int len, ret;
1443 
1444 		imsi_len = os_strlen(imsi);
1445 		len = os_snprintf(msg, sizeof(msg), "AKA-AUTS ");
1446 		if (len < 0 || len + imsi_len >= sizeof(msg))
1447 			return -1;
1448 		os_memcpy(msg + len, imsi, imsi_len);
1449 		len += imsi_len;
1450 
1451 		ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
1452 		if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
1453 			return -1;
1454 		len += ret;
1455 		len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
1456 					auts, EAP_AKA_AUTS_LEN);
1457 		ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
1458 		if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
1459 			return -1;
1460 		len += ret;
1461 		len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
1462 					_rand, EAP_AKA_RAND_LEN);
1463 		wpa_printf(MSG_DEBUG, "EAP-SIM DB: reporting AKA AUTS for "
1464 			   "IMSI '%s'", imsi);
1465 		if (eap_sim_db_send(data, msg, len) < 0)
1466 			return -1;
1467 	}
1468 
1469 	return 0;
1470 }
1471 
1472 
1473 /**
1474  * sim_get_username - Extract username from SIM identity
1475  * @identity: Identity
1476  * @identity_len: Identity length
1477  * Returns: Allocated buffer with the username part of the identity
1478  *
1479  * Caller is responsible for freeing the returned buffer with os_free().
1480  */
1481 char * sim_get_username(const u8 *identity, size_t identity_len)
1482 {
1483 	char *username;
1484 	size_t pos;
1485 
1486 	if (identity == NULL)
1487 		return NULL;
1488 
1489 	for (pos = 0; pos < identity_len; pos++) {
1490 		if (identity[pos] == '@' || identity[pos] == '\0')
1491 			break;
1492 	}
1493 
1494 	username = os_malloc(pos + 1);
1495 	if (username == NULL)
1496 		return NULL;
1497 	os_memcpy(username, identity, pos);
1498 	username[pos] = '\0';
1499 
1500 	return username;
1501 }
1502