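/*
 * Copyright (c) 2008-2013 Apple Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * EAPSIMAKAUtil.h
 * - common definitions/routines for EAP-SIM and EAP-AKA
 */

#ifndef _EAP8021X_EAPSIMAKAUTIL_H
#define _EAP8021X_EAPSIMAKAUTIL_H

/*
 * Modification History
 *
 * October 8, 2012      Dieter Siegmund (dieter@apple)
 * - created (from eapsim_plugin.c)
 */

#include "symbol_scope.h"
#include "EAPSIMAKA.h"
#include "EAPSIMAKAPersistentState.h"
#include <stdio.h>
#include <CoreFoundation/CFString.h>
#include <CoreFoundation/CFData.h>

/*
 * Function: _SizeInPointers
 * Purpose:
 *   Round a byte count up to the number of pointer-sized slots needed to
 *   hold it.
 *
 *   The addition is carried out in size_t (the conversions the original
 *   expression performed implicitly are spelled out here), and the result
 *   is narrowed back to int.  `size` is not range-checked: 0 yields 0 and
 *   a negative value wraps to a very large unsigned count before the
 *   narrowing, so callers must pass a positive size.
 */
static __inline__ int
_SizeInPointers(int size)
{
    size_t      slot_size = sizeof(void *);
    size_t      slots = ((size_t)size + slot_size - 1) / slot_size;

    return ((int)slots);
}

/*
 * Macro: DECLARE_LOCAL_STRUCTURE
 * Purpose:
 *   Declare, in the current scope, an array of `void *` large enough for
 *   __size_func() bytes, plus a pointer __name of type __type that refers
 *   to it.
 *
 *   The array length comes from a function call, so this is a
 *   variable-length array, and its contents are not initialized.  The
 *   matching Init routine (TLVBufferInit / TLVListInit) has to run before
 *   the object is used, and __name must not outlive the enclosing scope.
 */
#define DECLARE_LOCAL_STRUCTURE(__name, __type, __size_func)            \
    void *      __name ## _buf[_SizeInPointers(__size_func())];         \
    __type      __name = (__type) __name ## _buf;


/**
 ** TLVBuffer
 ** - builder for a sequence of EAP-SIM/AKA attributes (TLVs) written into
 **   storage supplied by the caller (see TLVBufferInit)
 **/
typedef struct TLVBuffer * TLVBufferRef;

/*
 * Returns the size handed to DECLARE_LOCAL_STRUCTURE by TLVBufferDeclare().
 * NOTE(review): presumably sizeof(struct TLVBuffer) - confirm in the
 * implementation file.
 */
int
TLVBufferSizeof(void);

#define TLVBufferDeclare(__name) \
    DECLARE_LOCAL_STRUCTURE(__name, TLVBufferRef, TLVBufferSizeof)

/*
 * Accessors for the buffer state.
 * NOTE(review): the exact meaning of each (bytes used so far, last error
 * text, capacity, start of the backing storage) is inferred from the names;
 * confirm against the implementation.
 */
int
TLVBufferUsed(TLVBufferRef tb);

const char *
TLVBufferErrorString(TLVBufferRef tb);

int
TLVBufferMaxSize(TLVBufferRef tb);

uint8_t *
TLVBufferStorage(TLVBufferRef tb);

/*
 * Function: TLVBufferInit
 * Purpose:
 *   Associate caller-provided `storage` with `tb`.
 *
 *   NOTE(review): `size` is presumably the capacity of `storage` in bytes.
 *   It is a signed int and nothing in this header constrains it, so callers
 *   should pass a positive value that matches the real size of `storage`.
 */
void
TLVBufferInit(TLVBufferRef tb, uint8_t * storage, int size);

/*
 * NOTE(review): presumably returns NULL when a TLV of `length` does not fit
 * in the remaining storage - check the result before writing through it.
 */
TLVRef
TLVBufferAllocateTLV(TLVBufferRef tb,
                     EAPSIMAKAAttributeType type, int length);

/*
 * The TLVBufferAdd* routines append one attribute each and report the
 * outcome as a Boolean.
 * NOTE(review): the `int` length arguments are signed; whether negative or
 * oversized lengths are rejected is decided in the implementation, not here.
 */
Boolean
TLVBufferAddIdentity(TLVBufferRef tb_p,
                     const uint8_t * identity, int identity_length);

Boolean
TLVBufferAddIdentityString(TLVBufferRef tb_p, CFStringRef identity,
                           CFDataRef * ret_data);
Boolean
TLVBufferAddCounter(TLVBufferRef tb_p, uint16_t at_counter);

Boolean
TLVBufferAddCounterTooSmall(TLVBufferRef tb_p);

Boolean
TLVBufferAddPadding(TLVBufferRef tb_p, int padding_length);

/**
 ** TLV
 **/

/*
 * NOTE(review): named per the Core Foundation "Create" convention, so the
 * caller presumably owns the returned string and releases it.
 */
CFStringRef
TLVCreateString(TLVRef tlv_p);

void
TLVPrint(FILE * f, TLVRef tlv_p);

/**
 ** TLVList
 ** - parsed view of the attributes carried in a received packet
 **/
typedef struct TLVList * TLVListRef;

/*
 * Returns the size handed to DECLARE_LOCAL_STRUCTURE by TLVListDeclare().
 */
int
TLVListSizeof(void);

#define TLVListDeclare(__name) \
    DECLARE_LOCAL_STRUCTURE(__name, TLVListRef, TLVListSizeof)

const char *
TLVListErrorString(TLVListRef tlvs_p);

/*
 * TLVListInit must be called on a list obtained from TLVListDeclare()
 * before any other use, because the declared storage starts out
 * uninitialized.
 * NOTE(review): TLVListFree presumably releases whatever the list acquired
 * while parsing - confirm the pairing in the implementation.
 */
void
TLVListInit(TLVListRef tlvs_p);

void
TLVListFree(TLVListRef tlvs_p);

/*
 * The spelling "TLS" (rather than "TLV") is the declared symbol name and is
 * kept as-is so that existing callers continue to link.
 */
void
TLSListAddAttribute(TLVListRef tlvs_p, const uint8_t * attr);

int
TLVCheckValidity(TLVListRef tlvs_p, TLVRef tlv_p);

/*
 * Function: TLVListParse
 * Purpose:
 *   Parse `attrs_length` bytes of attributes starting at `attrs` into
 *   `tlvs_p`.
 *
 *   The attribute bytes normally come straight from the peer's EAP packet,
 *   i.e. they are untrusted input.  `attrs_length` is a signed int: derive
 *   it from the already-validated packet length, and check the Boolean
 *   result before calling any of the lookup routines below.
 */
Boolean
TLVListParse(TLVListRef tlvs_p, const uint8_t * attrs, int attrs_length);

PRIVATE_EXTERN CFStringRef
TLVListCopyDescription(TLVListRef tlvs_p);

TLVRef
TLVListLookupAttribute(TLVListRef tlvs_p, EAPSIMAKAAttributeType type);

EAPSIMAKAAttributeType
TLVListLookupIdentityAttribute(TLVListRef tlvs_p);

CFStringRef
TLVListCreateStringFromAttribute(TLVListRef tlvs_p,
                                 EAPSIMAKAAttributeType type);

/**
 ** EAPSIMAKAStatus
 ** - values for the domain-specific error
 **/
enum {
    kEAPSIMAKAStatusOK = 0,
    kEAPSIMAKAStatusFailureAfterAuthentication = 1,
    kEAPSIMAKAStatusFailureBeforeAuthentication = 2,
    kEAPSIMAKAStatusAccessTemporarilyDenied = 3,
    kEAPSIMAKAStatusNotSubscribed = 4,
    kEAPSIMAKAStatusUnrecognizedNotification = 5,
};
typedef uint32_t EAPSIMAKAStatus;

/*
 * Function: EAPSIMAKAKeyInfoComputeMAC
 * Purpose:
 *   Compute the MAC over `pkt` (plus `extra`, if any) and store it in
 *   `hash`.
 *
 *   The array bound on `hash` is documentation only; C passes a plain
 *   pointer, so the caller must supply at least CC_SHA1_DIGEST_LENGTH
 *   writable bytes.
 */
void
EAPSIMAKAKeyInfoComputeMAC(EAPSIMAKAKeyInfoRef key_info_p,
                           EAPPacketRef pkt,
                           const uint8_t * mac_p,
                           const uint8_t * extra, int extra_length,
                           uint8_t hash[CC_SHA1_DIGEST_LENGTH]);

/*
 * NOTE(review): the returned pointer is presumably a newly allocated buffer
 * holding the decrypted attributes that `decrypted_tlvs_p` refers to, with
 * NULL signalling failure; confirm ownership (who frees it, and that it
 * outlives any use of the list) in the implementation.
 */
uint8_t *
EAPSIMAKAKeyInfoDecryptTLVList(EAPSIMAKAKeyInfoRef key_info_p,
                               AT_ENCR_DATA * encr_data_p, AT_IV * iv_p,
                               TLVListRef decrypted_tlvs_p);

/*
 * Function: EAPSIMAKAKeyInfoVerifyMAC
 * Purpose:
 *   Check the MAC at `mac_p` for the packet `pkt`; the result is reported
 *   as a bool that the caller must test before trusting any attribute in
 *   the packet.
 *
 *   NOTE(review): the comparison lives in the implementation file; confirm
 *   there that it covers the full MAC length and does not exit early on the
 *   first differing byte.
 */
bool
EAPSIMAKAKeyInfoVerifyMAC(EAPSIMAKAKeyInfoRef key_info,
                          EAPPacketRef pkt,
                          const uint8_t * mac_p,
                          const uint8_t * extra, int extra_length);

void
EAPSIMAKAKeyInfoSetMAC(EAPSIMAKAKeyInfoRef key_info,
                       EAPPacketRef pkt,
                       uint8_t * mac_p,
                       const uint8_t * extra, int extra_length);

void
EAPSIMAKAKeyInfoComputeReauthKey(EAPSIMAKAKeyInfoRef key_info,
                                 EAPSIMAKAPersistentStateRef persist,
                                 const void * identity,
                                 int identity_length,
                                 AT_COUNTER * counter_p,
                                 AT_NONCE_S * nonce_s_p);

/*
 * Reports the outcome as a bool; check it before sending the contents of
 * `tb_p`.
 */
bool
EAPSIMAKAKeyInfoEncryptTLVs(EAPSIMAKAKeyInfoRef key_info,
                            TLVBufferRef tb_p, TLVBufferRef tb_add_p);


/*
 * Function: EAPSIMAKAStatusForATNotificationCode
 * Purpose:
 *   Map the AT Notification code to EAPSIMAKAStatus value.
 */
EAPSIMAKAStatus
EAPSIMAKAStatusForATNotificationCode(uint16_t notification_code);

const char *
EAPSIMAKAPacketSubtypeGetString(EAPSIMAKAPacketSubtype subtype);

const char *
ATNotificationCodeGetString(uint16_t code);

/*
 * `packet_is_valid` is an out-parameter.
 * NOTE(review): whether it may be NULL is not visible from this header.
 */
CFStringRef
EAPSIMAKAPacketCopyDescription(const EAPPacketRef pkt, bool * packet_is_valid);

#ifdef EAPSIMAKA_PACKET_DUMP
bool
EAPSIMAKAPacketDump(FILE * out_f, EAPPacketRef pkt);
#endif /* EAPSIMAKA_PACKET_DUMP */

/*
 * Property: kEAPClientPropEAPSIMAKAIMSI
 * Purpose:
 *   Statically configure the IMSI.
 *
 *   Used for testing only.  The IMSI is the permanent subscriber identity,
 *   so a statically configured value has no place in a deployed
 *   configuration.
 */
#define kEAPClientPropEAPSIMAKAIMSI \
    CFSTR("EAPSIMAKAIMSI")              /* string */

/*
 * Property: kEAPClientPropEAPSIMAKARealm
 * Purpose:
 *   Statically configure the realm. May be required in some configurations
 *   to ensure proper AAA routing.
 */
#define kEAPClientPropEAPSIMAKARealm \
    CFSTR("EAPSIMAKARealm")             /* string */

/*
 * Property: kEAPClientPropEAPSIMAKAIdentityType
 * Purpose:
 *   Control which identity is used. If this property is not specified
 *   the default behavior is to accept and use reauth IDs, pseudonyms,
 *   and the permanent ID (IMSI).
 *
 *   If kEAPSIMAKAIdentityTypeFullAuthentication is specified, pseudonyms
 *   and the permanent ID are used.
 *
 *   If kEAPSIMAKAIdentityTypePermanent is specified, only the permanent ID
 *   is used. Setting this value also ensures that no preferences or
 *   keychain items will be accessed.  With this setting the IMSI is the
 *   identity presented on every authentication, since pseudonyms and
 *   reauth IDs are not used.
 */
#define kEAPClientPropEAPSIMAKAIdentityType \
    CFSTR("EAPSIMAKAIdentityType")      /* kEAPSIMAKAIdentityType* */

#define kEAPSIMAKAIdentityTypeFullAuthentication CFSTR("FullAuthentication")
#define kEAPSIMAKAIdentityTypePermanent          CFSTR("Permanent")

/*
 * Function: EAPSIMAKAIdentityTypeGetAttributeType
 * Purpose:
 *   Convert from the identity type string kEAPSIMAKAIdentityType* to
 *   the corresponding EAPSIMAKAAttributeType.
 *
 *   If string is kEAPSIMAKAIdentityTypeFullAuthentication, returns
 *   kAT_FULL_AUTH_ID_REQ.
 *
 *   If string is kEAPSIMAKAIdentityTypePermanent, returns kAT_PERMANENT_ID_REQ.
 *
 *   If string is any other value (including NULL), returns kAT_ANY_ID_REQ.
 */
EAPSIMAKAAttributeType
EAPSIMAKAIdentityTypeGetAttributeType(CFStringRef string);

#endif /* _EAP8021X_EAPSIMAKAUTIL_H */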