ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Migrated all SIM/AKA code to libsimaka, use SIM and AKA backend managers registered by name

This commit is contained in:
Martin Willi 2011-07-07 12:31:45 +02:00
parent 4c199e6f81
commit efee3ed80f
62 changed files with 674 additions and 440 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/libcharon/Android.mk
View File

@ -63,9 +63,6 @@ sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
sa/authenticators/eap/sim_card.h sa/authenticators/eap/sim_provider.h \
sa/authenticators/eap/sim_hooks.h \
sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
sa/child_sa.c sa/child_sa.h \

5
src/libcharon/Makefile.am
View File

@ -61,9 +61,6 @@ sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
sa/authenticators/eap/sim_card.h sa/authenticators/eap/sim_provider.h \
sa/authenticators/eap/sim_hooks.h \
sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
sa/child_sa.c sa/child_sa.h \
@ -104,7 +101,7 @@ INCLUDES = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/libtncif
-I$(top_srcdir)/src/libtncif
AM_CFLAGS = \
-DIPSEC_DIR=\"${ipsecdir}\" \

2
src/libcharon/daemon.c
View File

@ -119,7 +119,6 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.ike_sa_manager);
DESTROY_IF(this->public.controller);
DESTROY_IF(this->public.eap);
DESTROY_IF(this->public.sim);
DESTROY_IF(this->public.tnccs);
#ifdef ME
DESTROY_IF(this->public.connect_manager);
@ -290,7 +289,6 @@ private_daemon_t *daemon_create()
charon = &this->public;
this->public.controller = controller_create();
this->public.eap = eap_manager_create();
this->public.sim = sim_manager_create();
this->public.tnccs = tnccs_manager_create();
this->public.backends = backend_manager_create();
this->public.socket = socket_manager_create();

6
src/libcharon/daemon.h
View File

@ -152,7 +152,6 @@ typedef struct daemon_t daemon_t;
#include <sa/shunt_manager.h>
#include <config/backend_manager.h>
#include <sa/authenticators/eap/eap_manager.h>
#include <sa/authenticators/eap/sim_manager.h>
#include <tnc/imc/imc_manager.h>
#include <tnc/imv/imv_manager.h>
#include <tnc/tnccs/tnccs_manager.h>
@ -242,11 +241,6 @@ struct daemon_t {
*/
eap_manager_t *eap;
/**
* SIM manager to maintain (U)SIM cards/providers
*/
sim_manager_t *sim;
/**
* TNC IMC manager controlling Integrity Measurement Collectors
*/

48
src/libcharon/plugins/eap_aka/eap_aka_peer.c
View File

@ -20,6 +20,7 @@
#include <simaka_message.h>
#include <simaka_crypto.h>
#include <simaka_manager.h>
typedef struct private_eap_aka_peer_t private_eap_aka_peer_t;
@ -33,6 +34,11 @@ struct private_eap_aka_peer_t {
*/
eap_aka_peer_t public;
/**
* AKA backend manager
*/
simaka_manager_t *mgr;
/**
* EAP-AKA crypto helper
*/
@ -91,7 +97,7 @@ static eap_payload_t* create_client_error(private_eap_aka_peer_t *this)
encoded = htons(AKA_UNABLE_TO_PROCESS);
message->add_attribute(message, AT_CLIENT_ERROR_CODE,
chunk_create((char*)&encoded, sizeof(encoded)));
out = message->generate(message, chunk_empty);
out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
return out;
}
@ -140,7 +146,7 @@ static status_t process_identity(private_eap_aka_peer_t *this,
switch (id_req)
{
case AT_ANY_ID_REQ:
this->reauth = charon->sim->card_get_reauth(charon->sim,
this->reauth = this->mgr->card_get_reauth(this->mgr,
this->permanent, this->mk, &this->counter);
if (this->reauth)
{
@ -149,8 +155,8 @@ static status_t process_identity(private_eap_aka_peer_t *this,
}
/* FALL */
case AT_FULLAUTH_ID_REQ:
this->pseudonym = charon->sim->card_get_pseudonym(charon->sim,
this->permanent);
this->pseudonym = this->mgr->card_get_pseudonym(this->mgr,
this->permanent);
if (this->pseudonym)
{
id = this->pseudonym->get_encoding(this->pseudonym);
@ -169,7 +175,7 @@ static status_t process_identity(private_eap_aka_peer_t *this,
{
message->add_attribute(message, AT_IDENTITY, id);
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
return NEED_MORE;
@ -220,10 +226,10 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
return NEED_MORE;
}
status = charon->sim->card_get_quintuplet(charon->sim, this->permanent,
status = this->mgr->card_get_quintuplet(this->mgr, this->permanent,
rand.ptr, autn.ptr, ck, ik, res, &res_len);
if (status == INVALID_STATE &&
charon->sim->card_resync(charon->sim, this->permanent, rand.ptr, auts))
this->mgr->card_resync(this->mgr, this->permanent, rand.ptr, auts))
{
DBG1(DBG_IKE, "received SQN invalid, sending %N",
simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE);
@ -231,7 +237,8 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
AKA_SYNCHRONIZATION_FAILURE, this->crypto);
message->add_attribute(message, AT_AUTS,
chunk_create(auts, AKA_AUTS_LEN));
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message,
chunk_empty));
message->destroy(message);
return NEED_MORE;
}
@ -241,7 +248,8 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
this->permanent, simaka_subtype_names, AKA_AUTHENTICATION_REJECT);
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
AKA_AUTHENTICATION_REJECT, this->crypto);
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message,
chunk_empty));
message->destroy(message);
return NEED_MORE;
}
@ -274,13 +282,13 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
case AT_NEXT_REAUTH_ID:
this->counter = 0;
id = identification_create_from_data(data);
charon->sim->card_set_reauth(charon->sim, this->permanent, id,
this->mk, this->counter);
this->mgr->card_set_reauth(this->mgr, this->permanent, id,
this->mk, this->counter);
id->destroy(id);
break;
case AT_NEXT_PSEUDONYM:
id = identification_create_from_data(data);
charon->sim->card_set_pseudonym(charon->sim, this->permanent, id);
this->mgr->card_set_pseudonym(this->mgr, this->permanent, id);
id->destroy(id);
break;
default:
@ -292,7 +300,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
message = simaka_message_create(FALSE, this->identifier, EAP_AKA,
AKA_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RES, chunk_create(res, res_len));
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
return NEED_MORE;
}
@ -389,13 +397,13 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this,
identification_t *reauth;
reauth = identification_create_from_data(data);
charon->sim->card_set_reauth(charon->sim, this->permanent, reauth,
this->mk, this->counter);
this->mgr->card_set_reauth(this->mgr, this->permanent, reauth,
this->mk, this->counter);
reauth->destroy(reauth);
}
}
message->add_attribute(message, AT_COUNTER, counter);
*out = message->generate(message, nonce);
*out = eap_payload_create_data_own(message->generate(message, nonce));
message->destroy(message);
return NEED_MORE;
}
@ -446,7 +454,8 @@ static status_t process_notification(private_eap_aka_peer_t *this,
{ /* empty notification reply */
message = simaka_message_create(FALSE, this->identifier, EAP_AKA,
AKA_NOTIFICATION, this->crypto);
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message,
chunk_empty));
message->destroy(message);
}
else
@ -466,7 +475,7 @@ METHOD(eap_method_t, process, status_t,
/* store received EAP message identifier */
this->identifier = in->get_identifier(in);
message = simaka_message_create_from_payload(in, this->crypto);
message = simaka_message_create_from_payload(in->get_data(in), this->crypto);
if (!message)
{
*out = create_client_error(this);
@ -578,7 +587,8 @@ eap_aka_peer_t *eap_aka_peer_create(identification_t *server,
.destroy = _destroy,
},
},
.crypto = simaka_crypto_create(),
.crypto = simaka_crypto_create(EAP_AKA),
.mgr = lib->get(lib, "aka-manager"),
);
if (!this->crypto)

2
src/libcharon/plugins/eap_aka/eap_aka_peer.h
View File

@ -26,7 +26,7 @@ typedef struct eap_aka_peer_t eap_aka_peer_t;
#include <sa/authenticators/eap/eap_method.h>
/**
* Implementation of the eap_method_t interface using EAP-AKA as a client.
* EAP-AKA peer implementation.
*/
struct eap_aka_peer_t {

42
src/libcharon/plugins/eap_aka/eap_aka_plugin.c
View File

@ -19,20 +19,41 @@
#include "eap_aka_server.h"
#include <daemon.h>
#include <simaka_manager.h>
typedef struct private_eap_aka_plugin_t private_eap_aka_plugin_t;
/**
* Private data of an eap_sim_plugin_t object.
*/
struct private_eap_aka_plugin_t {
/**
* Public interface.
*/
eap_aka_plugin_t public;
/**
* EAP-AKA backend manager
*/
simaka_manager_t *mgr;
};
METHOD(plugin_t, get_name, char*,
eap_aka_plugin_t *this)
private_eap_aka_plugin_t *this)
{
return "eap-aka";
}
METHOD(plugin_t, destroy, void,
eap_aka_plugin_t *this)
private_eap_aka_plugin_t *this)
{
lib->set(lib, "aka-manager", NULL);
charon->eap->remove_method(charon->eap,
(eap_constructor_t)eap_aka_server_create);
charon->eap->remove_method(charon->eap,
(eap_constructor_t)eap_aka_peer_create);
this->mgr->destroy(this->mgr);
free(this);
}
@ -41,21 +62,24 @@ METHOD(plugin_t, destroy, void,
*/
plugin_t *eap_aka_plugin_create()
{
eap_aka_plugin_t *this;
private_eap_aka_plugin_t *this;
INIT(this,
.plugin = {
.get_name = _get_name,
.reload = (void*)return_false,
.destroy = _destroy,
.public = {
.plugin = {
.get_name = _get_name,
.reload = (void*)return_false,
.destroy = _destroy,
},
},
.mgr = simaka_manager_create(),
);
charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_SERVER,
(eap_constructor_t)eap_aka_server_create);
charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_PEER,
(eap_constructor_t)eap_aka_peer_create);
lib->set(lib, "aka-manager", this->mgr);
return &this->plugin;
return &this->public.plugin;
}

5
src/libcharon/plugins/eap_aka/eap_aka_plugin.h
View File

@ -33,6 +33,11 @@ typedef struct eap_aka_plugin_t eap_aka_plugin_t;
*
* EAP-AKA uses 3rd generation mobile phone standard authentication
* mechanism for authentication, as defined RFC4187.
*
* This plugin implements the protocol level of EAP-AKA and uses simaka_card_t
* and simaka_provider_t backends to provide triplets. It registers a
* simaka_manager_t on the library as "aka-manager", other plugins can use it
* to provide the required backends.
*/
struct eap_aka_plugin_t {

34
src/libcharon/plugins/eap_aka/eap_aka_server.c
View File

@ -20,6 +20,7 @@
#include <simaka_message.h>
#include <simaka_crypto.h>
#include <simaka_manager.h>
/** length of the AT_NONCE_S value */
#define NONCE_LEN 16
@ -36,6 +37,11 @@ struct private_eap_aka_server_t {
*/
eap_aka_server_t public;
/**
* AKA backend manager
*/
simaka_manager_t *mgr;
/**
* EAP-AKA crypto helper
*/
@ -133,7 +139,7 @@ static status_t identity(private_eap_aka_server_t *this, eap_payload_t **out)
{
message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty);
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
this->pending = AKA_IDENTITY;
@ -152,7 +158,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
chunk_t data, mk;
identification_t *id;
if (!charon->sim->provider_get_quintuplet(charon->sim, this->permanent,
if (!this->mgr->provider_get_quintuplet(this->mgr, this->permanent,
rand, xres, &xres_len, ck, ik, autn))
{
if (this->use_pseudonym)
@ -183,7 +189,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
AKA_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RAND, this->rand);
message->add_attribute(message, AT_AUTN, chunk_create(autn, AKA_AUTN_LEN));
id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr);
id = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk.ptr);
if (id)
{
message->add_attribute(message, AT_NEXT_REAUTH_ID,
@ -192,7 +198,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
}
else
{
id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent);
id = this->mgr->provider_gen_pseudonym(this->mgr, this->permanent);
if (id)
{
message->add_attribute(message, AT_NEXT_PSEUDONYM,
@ -200,7 +206,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
id->destroy(id);
}
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
free(mk.ptr);
@ -237,14 +243,14 @@ static status_t reauthenticate(private_eap_aka_server_t *this,
AKA_REAUTHENTICATION, this->crypto);
message->add_attribute(message, AT_COUNTER, this->counter);
message->add_attribute(message, AT_NONCE_S, this->nonce);
next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk);
next = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk);
if (next)
{
message->add_attribute(message, AT_NEXT_REAUTH_ID,
next->get_encoding(next));
next->destroy(next);
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
this->pending = SIM_REAUTHENTICATION;
@ -310,8 +316,7 @@ static status_t process_identity(private_eap_aka_server_t *this,
char mk[HASH_SIZE_SHA1];
u_int16_t counter;
permanent = charon->sim->provider_is_reauth(charon->sim, id,
mk, &counter);
permanent = this->mgr->provider_is_reauth(this->mgr, id, mk, &counter);
if (permanent)
{
this->permanent->destroy(this->permanent);
@ -325,7 +330,7 @@ static status_t process_identity(private_eap_aka_server_t *this,
}
if (this->use_pseudonym)
{
permanent = charon->sim->provider_is_pseudonym(charon->sim, id);
permanent = this->mgr->provider_is_pseudonym(this->mgr, id);
if (permanent)
{
this->permanent->destroy(this->permanent);
@ -506,8 +511,8 @@ static status_t process_synchronize(private_eap_aka_server_t *this,
return FAILED;
}
if (!charon->sim->provider_resync(charon->sim, this->permanent,
this->rand.ptr, auts.ptr))
if (!this->mgr->provider_resync(this->mgr, this->permanent,
this->rand.ptr, auts.ptr))
{
DBG1(DBG_IKE, "no AKA provider found supporting "
"resynchronization for '%Y'", this->permanent);
@ -564,7 +569,7 @@ METHOD(eap_method_t, process, status_t,
simaka_message_t *message;
status_t status;
message = simaka_message_create_from_payload(in, this->crypto);
message = simaka_message_create_from_payload(in->get_data(in), this->crypto);
if (!message)
{
return FAILED;
@ -676,7 +681,8 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server,
.destroy = _destroy,
},
},
.crypto = simaka_crypto_create(),
.crypto = simaka_crypto_create(EAP_AKA),
.mgr = lib->get(lib, "aka-manager"),
);
if (!this->crypto)

2
src/libcharon/plugins/eap_aka/eap_aka_server.h
View File

@ -26,7 +26,7 @@ typedef struct eap_aka_server_t eap_aka_server_t;
#include <sa/authenticators/eap/eap_method.h>
/**
* Implementation of the eap_method_t interface using EAP-AKA as server.
* EAP-AKA server implementation.
*/
struct eap_aka_server_t {

2
src/libcharon/plugins/eap_aka_3gpp2/Makefile.am
View File

@ -1,6 +1,6 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic

18
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
View File

@ -52,7 +52,7 @@ bool eap_aka_3gpp2_get_k(identification_t *id, char k[AKA_K_LEN]);
void eap_aka_3gpp2_get_sqn(char sqn[AKA_SQN_LEN], int offset);
/**
* Implementation of sim_card_t.get_quintuplet
* Implementation of simaka_card_t.get_quintuplet
*/
static status_t get_quintuplet(private_eap_aka_3gpp2_card_t *this,
identification_t *id, char rand[AKA_RAND_LEN],
@ -113,7 +113,7 @@ static status_t get_quintuplet(private_eap_aka_3gpp2_card_t *this,
}
/**
* Implementation of sim_card_t.resync
* Implementation of simaka_card_t.resync
*/
static bool resync(private_eap_aka_3gpp2_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN])
@ -153,13 +153,13 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f)
{
private_eap_aka_3gpp2_card_t *this = malloc_thing(private_eap_aka_3gpp2_card_t);
this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet;
this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *id))return_null;
this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop;
this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
this->public.card.get_triplet = (bool(*)(simaka_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.card.get_quintuplet = (status_t(*)(simaka_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet;
this->public.card.resync = (bool(*)(simaka_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
this->public.card.get_pseudonym = (identification_t*(*)(simaka_card_t*, identification_t *id))return_null;
this->public.card.set_pseudonym = (void(*)(simaka_card_t*, identification_t *id, identification_t *pseudonym))nop;
this->public.card.get_reauth = (identification_t*(*)(simaka_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.card.set_reauth = (void(*)(simaka_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
this->public.destroy = (void(*)(eap_aka_3gpp2_card_t*))destroy;
this->f = f;

6
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
View File

@ -23,7 +23,7 @@
#include "eap_aka_3gpp2_functions.h"
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_card.h>
typedef struct eap_aka_3gpp2_card_t eap_aka_3gpp2_card_t;
@ -33,9 +33,9 @@ typedef struct eap_aka_3gpp2_card_t eap_aka_3gpp2_card_t;
struct eap_aka_3gpp2_card_t {
/**
* Implements sim_card_t interface
* Implements simaka_card_t interface
*/
sim_card_t card;
simaka_card_t card;
/**
* Destroy a eap_aka_3gpp2_card_t.

2
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
View File

@ -21,7 +21,7 @@
#ifndef EAP_AKA_3GPP2_FUNCTIONS_H_
#define EAP_AKA_3GPP2_FUNCTIONS_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_manager.h>
#define AKA_SQN_LEN 6
#define AKA_K_LEN 16

20
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
View File

@ -57,8 +57,14 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, destroy, void,
private_eap_aka_3gpp2_t *this)
{
charon->sim->remove_card(charon->sim, &this->card->card);
charon->sim->remove_provider(charon->sim, &this->provider->provider);
simaka_manager_t *mgr;
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
this->card->destroy(this->card);
this->provider->destroy(this->provider);
this->functions->destroy(this->functions);
@ -71,6 +77,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *eap_aka_3gpp2_plugin_create()
{
private_eap_aka_3gpp2_t *this;
simaka_manager_t *mgr;
INIT(this,
.public = {
@ -91,9 +98,12 @@ plugin_t *eap_aka_3gpp2_plugin_create()
this->card = eap_aka_3gpp2_card_create(this->functions);
this->provider = eap_aka_3gpp2_provider_create(this->functions);
charon->sim->add_card(charon->sim, &this->card->card);
charon->sim->add_provider(charon->sim, &this->provider->provider);
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
return &this->public.plugin;
}

18
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
View File

@ -81,7 +81,7 @@ void eap_aka_3gpp2_get_sqn(char sqn[AKA_SQN_LEN], int offset)
}
/**
* Implementation of usim_provider_t.get_quintuplet
* Implementation of simaka_provider_t.get_quintuplet
*/
static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this,
identification_t *id, char rand[AKA_RAND_LEN],
@ -132,7 +132,7 @@ static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this,
}
/**
* Implementation of usim_provider_t.resync
* Implementation of simaka_provider_t.resync
*/
static bool resync(private_eap_aka_3gpp2_provider_t *this,
identification_t *id, char rand[AKA_RAND_LEN],
@ -185,13 +185,13 @@ eap_aka_3gpp2_provider_t *eap_aka_3gpp2_provider_create(
{
private_eap_aka_3gpp2_provider_t *this = malloc_thing(private_eap_aka_3gpp2_provider_t);
this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet;
this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
this->public.provider.get_triplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet;
this->public.provider.resync = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
this->public.provider.is_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))return_null;
this->public.provider.gen_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))return_null;
this->public.provider.is_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.provider.gen_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
this->public.destroy = (void(*)(eap_aka_3gpp2_provider_t*))destroy;
this->f = f;

6
src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
View File

@ -23,7 +23,7 @@
#include "eap_aka_3gpp2_functions.h"
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_provider.h>
typedef struct eap_aka_3gpp2_provider_t eap_aka_3gpp2_provider_t;
@ -33,9 +33,9 @@ typedef struct eap_aka_3gpp2_provider_t eap_aka_3gpp2_provider_t;
struct eap_aka_3gpp2_provider_t {
/**
* Implements sim_provider_t interface.
* Implements simaka_provider_t interface.
*/
sim_provider_t provider;
simaka_provider_t provider;
/**
* Destroy a eap_aka_3gpp2_provider_t.

42
src/libcharon/plugins/eap_sim/eap_sim_peer.c
View File

@ -18,6 +18,7 @@
#include <daemon.h>
#include <simaka_message.h>
#include <simaka_manager.h>
/* number of tries we do authenticate */
#define MAX_TRIES 3
@ -40,6 +41,11 @@ struct private_eap_sim_peer_t {
*/
eap_sim_peer_t public;
/**
* SIM backend manager
*/
simaka_manager_t *mgr;
/**
* permanent ID of peer
*/
@ -116,7 +122,7 @@ static eap_payload_t* create_client_error(private_eap_sim_peer_t *this,
encoded = htons(code);
message->add_attribute(message, AT_CLIENT_ERROR_CODE,
chunk_create((char*)&encoded, sizeof(encoded)));
out = message->generate(message, chunk_empty);
out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
return out;
}
@ -188,7 +194,7 @@ static status_t process_start(private_eap_sim_peer_t *this,
switch (id_req)
{
case AT_ANY_ID_REQ:
this->reauth = charon->sim->card_get_reauth(charon->sim,
this->reauth = this->mgr->card_get_reauth(this->mgr,
this->permanent, this->mk, &this->counter);
if (this->reauth)
{
@ -197,8 +203,8 @@ static status_t process_start(private_eap_sim_peer_t *this,
}
/* FALL */
case AT_FULLAUTH_ID_REQ:
this->pseudonym = charon->sim->card_get_pseudonym(charon->sim,
this->permanent);
this->pseudonym = this->mgr->card_get_pseudonym(this->mgr,
this->permanent);
if (this->pseudonym)
{
id = this->pseudonym->get_encoding(this->pseudonym);
@ -228,7 +234,7 @@ static status_t process_start(private_eap_sim_peer_t *this,
{
message->add_attribute(message, AT_IDENTITY, id);
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
return NEED_MORE;
@ -287,8 +293,8 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
sreses = sres = chunk_alloca(rands.len / 4);
while (rands.len >= SIM_RAND_LEN)
{
if (!charon->sim->card_get_triplet(charon->sim, this->permanent,
rands.ptr, sres.ptr, kc.ptr))
if (!this->mgr->card_get_triplet(this->mgr, this->permanent,
rands.ptr, sres.ptr, kc.ptr))
{
DBG1(DBG_IKE, "unable to get EAP-SIM triplet");
*out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
@ -328,13 +334,13 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
case AT_NEXT_REAUTH_ID:
this->counter = 0;
id = identification_create_from_data(data);
charon->sim->card_set_reauth(charon->sim, this->permanent, id,
this->mk, this->counter);
this->mgr->card_set_reauth(this->mgr, this->permanent, id,
this->mk, this->counter);
id->destroy(id);
break;
case AT_NEXT_PSEUDONYM:
id = identification_create_from_data(data);
charon->sim->card_set_pseudonym(charon->sim, this->permanent, id);
this->mgr->card_set_pseudonym(this->mgr, this->permanent, id);
id->destroy(id);
break;
default:
@ -346,7 +352,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
/* build response with AT_MAC, built over "EAP packet | n*SRES" */
message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_CHALLENGE, this->crypto);
*out = message->generate(message, sreses);
*out = eap_payload_create_data_own(message->generate(message, sreses));
message->destroy(message);
return NEED_MORE;
}
@ -443,13 +449,13 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
identification_t *reauth;
reauth = identification_create_from_data(data);
charon->sim->card_set_reauth(charon->sim, this->permanent, reauth,
this->mk, this->counter);
this->mgr->card_set_reauth(this->mgr, this->permanent, reauth,
this->mk, this->counter);
reauth->destroy(reauth);
}
}
message->add_attribute(message, AT_COUNTER, counter);
*out = message->generate(message, nonce);
*out = eap_payload_create_data_own(message->generate(message, nonce));
message->destroy(message);
return NEED_MORE;
}
@ -500,7 +506,8 @@ static status_t process_notification(private_eap_sim_peer_t *this,
{ /* empty notification reply */
message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_NOTIFICATION, this->crypto);
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message,
chunk_empty));
message->destroy(message);
}
else
@ -519,7 +526,7 @@ METHOD(eap_method_t, process, status_t,
/* store received EAP message identifier */
this->identifier = in->get_identifier(in);
message = simaka_message_create_from_payload(in, this->crypto);
message = simaka_message_create_from_payload(in->get_data(in), this->crypto);
if (!message)
{
*out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
@ -633,7 +640,8 @@ eap_sim_peer_t *eap_sim_peer_create(identification_t *server,
.destroy = _destroy,
},
},
.crypto = simaka_crypto_create(),
.crypto = simaka_crypto_create(EAP_SIM),
.mgr = lib->get(lib, "sim-manager"),
);
if (!this->crypto)

3
src/libcharon/plugins/eap_sim/eap_sim_peer.h
View File

@ -27,9 +27,6 @@ typedef struct eap_sim_peer_t eap_sim_peer_t;
/**
* EAP-SIM peer implementation.
*
* This EAP-SIM module uses sim_card_t implementations for triplet calculation,
* found via the eap_sim_manager_t.
*/
struct eap_sim_peer_t {

41
src/libcharon/plugins/eap_sim/eap_sim_plugin.c
View File

@ -19,20 +19,41 @@
#include "eap_sim_peer.h"
#include <daemon.h>
#include <simaka_manager.h>
typedef struct private_eap_sim_plugin_t private_eap_sim_plugin_t;
/**
* Private data of an eap_sim_plugin_t object.
*/
struct private_eap_sim_plugin_t {
/**
* Public interface.
*/
eap_sim_plugin_t public;
/**
* EAP-SIM backend manager
*/
simaka_manager_t *mgr;
};
METHOD(plugin_t, get_name, char*,
eap_sim_plugin_t *this)
private_eap_sim_plugin_t *this)
{
return "eap-sim";
}
METHOD(plugin_t, destroy, void,
eap_sim_plugin_t *this)
private_eap_sim_plugin_t *this)
{
lib->set(lib, "sim-manager", NULL);
charon->eap->remove_method(charon->eap,
(eap_constructor_t)eap_sim_server_create);
charon->eap->remove_method(charon->eap,
(eap_constructor_t)eap_sim_peer_create);
this->mgr->destroy(this->mgr);
free(this);
}
@ -41,21 +62,25 @@ METHOD(plugin_t, destroy, void,
*/
plugin_t *eap_sim_plugin_create()
{
eap_sim_plugin_t *this;
private_eap_sim_plugin_t *this;
INIT(this,
.plugin = {
.get_name = _get_name,
.reload = (void*)return_false,
.destroy = _destroy,
.public = {
.plugin = {
.get_name = _get_name,
.reload = (void*)return_false,
.destroy = _destroy,
},
},
.mgr = simaka_manager_create(),
);
charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER,
(eap_constructor_t)eap_sim_server_create);
charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_PEER,
(eap_constructor_t)eap_sim_peer_create);
lib->set(lib, "sim-manager", this->mgr);
return &this->plugin;
return &this->public.plugin;
}

5
src/libcharon/plugins/eap_sim/eap_sim_plugin.h
View File

@ -30,6 +30,11 @@ typedef struct eap_sim_plugin_t eap_sim_plugin_t;
/**
* EAP-SIM plugin.
*
* This plugin implements the protocol level of EAP-SIM and uses simaka_card_t
* and simaka_provider_t backends to provide triplets. It registers a
* simaka_manager_t on the library as "sim-manager", other plugins can use it
* to provide the required backends.
*/
struct eap_sim_plugin_t {

33
src/libcharon/plugins/eap_sim/eap_sim_server.c
View File

@ -19,6 +19,7 @@
#include <simaka_message.h>
#include <simaka_crypto.h>
#include <simaka_manager.h>
/* number of triplets for one authentication */
#define TRIPLET_COUNT 3
@ -38,6 +39,11 @@ struct private_eap_sim_server_t {
*/
eap_sim_server_t public;
/**
* SIM backend manager
*/
simaka_manager_t *mgr;
/**
* permanent ID of peer
*/
@ -127,7 +133,7 @@ METHOD(eap_method_t, initiate, status_t,
{
message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty);
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
this->pending = SIM_START;
@ -163,14 +169,14 @@ static status_t reauthenticate(private_eap_sim_server_t *this,
SIM_REAUTHENTICATION, this->crypto);
message->add_attribute(message, AT_COUNTER, this->counter);
message->add_attribute(message, AT_NONCE_S, this->nonce);
next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk);
next = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk);
if (next)
{
message->add_attribute(message, AT_NEXT_REAUTH_ID,
next->get_encoding(next));
next->destroy(next);
}
*out = message->generate(message, chunk_empty);
*out = eap_payload_create_data_own(message->generate(message, chunk_empty));
message->destroy(message);
this->pending = SIM_REAUTHENTICATION;
@ -298,8 +304,8 @@ static status_t process_start(private_eap_sim_server_t *this,
char mk[HASH_SIZE_SHA1];
u_int16_t counter;
permanent = charon->sim->provider_is_reauth(charon->sim, id,
mk, &counter);
permanent = this->mgr->provider_is_reauth(this->mgr, id,
mk, &counter);
if (permanent)
{
this->permanent->destroy(this->permanent);
@ -315,7 +321,7 @@ static status_t process_start(private_eap_sim_server_t *this,
}
if (this->use_pseudonym)
{
permanent = charon->sim->provider_is_pseudonym(charon->sim, id);
permanent = this->mgr->provider_is_pseudonym(this->mgr, id);
if (permanent)
{
this->permanent->destroy(this->permanent);
@ -348,8 +354,8 @@ static status_t process_start(private_eap_sim_server_t *this,
rands.len = kcs.len = sreses.len = 0;
for (i = 0; i < TRIPLET_COUNT; i++)
{
if (!charon->sim->provider_get_triplet(charon->sim, this->permanent,
rand.ptr, sres.ptr, kc.ptr))
if (!this->mgr->provider_get_triplet(this->mgr, this->permanent,
rand.ptr, sres.ptr, kc.ptr))
{
if (this->use_pseudonym)
{
@ -386,7 +392,7 @@ static status_t process_start(private_eap_sim_server_t *this,
message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
SIM_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RAND, rands);
id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr);
id = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk.ptr);
if (id)
{
message->add_attribute(message, AT_NEXT_REAUTH_ID,
@ -395,7 +401,7 @@ static status_t process_start(private_eap_sim_server_t *this,
}
else
{
id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent);
id = this->mgr->provider_gen_pseudonym(this->mgr, this->permanent);
if (id)
{
message->add_attribute(message, AT_NEXT_PSEUDONYM,
@ -403,7 +409,7 @@ static status_t process_start(private_eap_sim_server_t *this,
id->destroy(id);
}
}
*out = message->generate(message, nonce);
*out = eap_payload_create_data_own(message->generate(message, nonce));
message->destroy(message);
free(mk.ptr);
@ -483,7 +489,7 @@ METHOD(eap_method_t, process, status_t,
simaka_message_t *message;
status_t status;
message = simaka_message_create_from_payload(in, this->crypto);
message = simaka_message_create_from_payload(in->get_data(in), this->crypto);
if (!message)
{
return FAILED;
@ -588,7 +594,8 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server,
.destroy = _destroy,
},
},
.crypto = simaka_crypto_create(),
.crypto = simaka_crypto_create(EAP_SIM),
.mgr = lib->get(lib, "sim-manager"),
);
if (!this->crypto)

3
src/libcharon/plugins/eap_sim/eap_sim_server.h
View File

@ -27,9 +27,6 @@ typedef struct eap_sim_server_t eap_sim_server_t;
/**
* EAP-SIM server implementation.
*
* This EAP-SIM module uses sim_provider_t implementations for triplet
* calculation, found via the eap_sim_manager_t.
*/
struct eap_sim_server_t {

2
src/libcharon/plugins/eap_sim_file/Makefile.am
View File

@ -1,6 +1,6 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"

4
src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
View File

@ -35,7 +35,7 @@ struct private_eap_sim_file_card_t {
eap_sim_file_triplets_t *triplets;
};
METHOD(sim_card_t, get_triplet, bool,
METHOD(simaka_card_t, get_triplet, bool,
private_eap_sim_file_card_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{
@ -66,7 +66,7 @@ METHOD(sim_card_t, get_triplet, bool,
return FALSE;
}
METHOD(sim_card_t, get_quintuplet, status_t,
METHOD(simaka_card_t, get_quintuplet, status_t,
private_eap_sim_file_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN],
char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len)

6
src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
View File

@ -23,7 +23,7 @@
#include "eap_sim_file_triplets.h"
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_card.h>
typedef struct eap_sim_file_card_t eap_sim_file_card_t;
@ -33,9 +33,9 @@ typedef struct eap_sim_file_card_t eap_sim_file_card_t;
struct eap_sim_file_card_t {
/**
* Implements sim_card_t interface
* Implements simaka_card_t interface
*/
sim_card_t card;
simaka_card_t card;
/**
* Destroy a eap_sim_file_card_t.

20
src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
View File

@ -59,8 +59,14 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, destroy, void,
private_eap_sim_file_t *this)
{
charon->sim->remove_card(charon->sim, &this->card->card);
charon->sim->remove_provider(charon->sim, &this->provider->provider);
simaka_manager_t *mgr;
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
this->card->destroy(this->card);
this->provider->destroy(this->provider);
this->triplets->destroy(this->triplets);
@ -73,6 +79,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *eap_sim_file_plugin_create()
{
private_eap_sim_file_t *this;
simaka_manager_t *mgr;
INIT(this,
.public = {
@ -94,9 +101,12 @@ plugin_t *eap_sim_file_plugin_create()
}
this->card = eap_sim_file_card_create(this->triplets);
charon->sim->add_card(charon->sim, &this->card->card);
charon->sim->add_provider(charon->sim, &this->provider->provider);
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
return &this->public.plugin;
}

2
src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
View File

@ -35,7 +35,7 @@ struct private_eap_sim_file_provider_t {
eap_sim_file_triplets_t *triplets;
};
METHOD(sim_provider_t, get_triplet, bool,
METHOD(simaka_provider_t, get_triplet, bool,
private_eap_sim_file_provider_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{

6
src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
View File

@ -23,6 +23,8 @@
#include "eap_sim_file_triplets.h"
#include <simaka_provider.h>
typedef struct eap_sim_file_provider_t eap_sim_file_provider_t;
/**
@ -31,9 +33,9 @@ typedef struct eap_sim_file_provider_t eap_sim_file_provider_t;
struct eap_sim_file_provider_t {
/**
* Implements sim_provider_t interface.
* Implements simaka_provider_t interface.
*/
sim_provider_t provider;
simaka_provider_t provider;
/**
* Destroy a eap_sim_file_provider_t.

1
src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
View File

@ -21,6 +21,7 @@
#include <daemon.h>
#include <utils/linked_list.h>
#include <threading/mutex.h>
#include <simaka_manager.h>
typedef struct private_eap_sim_file_triplets_t private_eap_sim_file_triplets_t;

2
src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
View File

@ -21,7 +21,7 @@
#ifndef EAP_SIM_FILE_TRIPLETS_H_
#define EAP_SIM_FILE_TRIPLETS_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <utils/enumerator.h>
typedef struct eap_sim_file_triplets_t eap_sim_file_triplets_t;

2
src/libcharon/plugins/eap_sim_pcsc/Makefile.am
View File

@ -1,6 +1,6 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic ${pcsclite_CFLAGS}

4
src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
View File

@ -87,7 +87,7 @@ static bool decode_imsi_ef(unsigned char *input, int input_len, char *output)
return TRUE;
}
METHOD(sim_card_t, get_triplet, bool,
METHOD(simaka_card_t, get_triplet, bool,
private_eap_sim_pcsc_card_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{
@ -351,7 +351,7 @@ METHOD(sim_card_t, get_triplet, bool,
return found;
}
METHOD(sim_card_t, get_quintuplet, status_t,
METHOD(simaka_card_t, get_quintuplet, status_t,
private_eap_sim_pcsc_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN],
char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len)

6
src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.h
View File

@ -20,7 +20,7 @@
#ifndef EAP_SIM_PCSC_CARD_H_
#define EAP_SIM_PCSC_CARD_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_card.h>
typedef struct eap_sim_pcsc_card_t eap_sim_pcsc_card_t;
@ -30,9 +30,9 @@ typedef struct eap_sim_pcsc_card_t eap_sim_pcsc_card_t;
struct eap_sim_pcsc_card_t {
/**
* Implements sim_card_t interface
* Implements simaka_card_t interface
*/
sim_card_t card;
simaka_card_t card;
/**
* Destroy a eap_sim_pcsc_card_t.

15
src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.c
View File

@ -44,7 +44,13 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, destroy, void,
private_eap_sim_pcsc_plugin_t *this)
{
charon->sim->remove_card(charon->sim, &this->card->card);
simaka_manager_t *mgr;
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
}
this->card->destroy(this->card);
free(this);
}
@ -55,6 +61,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *eap_sim_pcsc_plugin_create()
{
private_eap_sim_pcsc_plugin_t *this;
simaka_manager_t *mgr;
INIT(this,
.public = {
@ -66,8 +73,12 @@ plugin_t *eap_sim_pcsc_plugin_create()
},
.card = eap_sim_pcsc_card_create(),
);
charon->sim->add_card(charon->sim, &this->card->card);
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
}
return &this->public.plugin;
}

2
src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am
View File

@ -1,6 +1,6 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic

20
src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
View File

@ -58,7 +58,7 @@ static bool equals(identification_t *key1, identification_t *key2)
}
/**
* Implementation of sim_card_t.get_pseudonym
* Implementation of simaka_card_t.get_pseudonym
*/
static identification_t *get_pseudonym(private_eap_simaka_pseudonym_card_t *this,
identification_t *id)
@ -74,7 +74,7 @@ static identification_t *get_pseudonym(private_eap_simaka_pseudonym_card_t *this
}
/**
* Implementation of sim_card_t.set_pseudonym
* Implementation of simaka_card_t.set_pseudonym
*/
static void set_pseudonym(private_eap_simaka_pseudonym_card_t *this,
identification_t *id, identification_t *pseudonym)
@ -93,7 +93,7 @@ static void set_pseudonym(private_eap_simaka_pseudonym_card_t *this,
}
/**
* Implementation of sim_card_t.get_quintuplet
* Implementation of simaka_card_t.get_quintuplet
*/
static status_t get_quintuplet()
{
@ -137,13 +137,13 @@ eap_simaka_pseudonym_card_t *eap_simaka_pseudonym_card_create()
this = malloc_thing(private_eap_simaka_pseudonym_card_t);
this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet;
this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))get_pseudonym;
this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))set_pseudonym;
this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
this->public.card.get_triplet = (bool(*)(simaka_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.card.get_quintuplet = (status_t(*)(simaka_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet;
this->public.card.resync = (bool(*)(simaka_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.card.get_pseudonym = (identification_t*(*)(simaka_card_t*, identification_t *perm))get_pseudonym;
this->public.card.set_pseudonym = (void(*)(simaka_card_t*, identification_t *id, identification_t *pseudonym))set_pseudonym;
this->public.card.get_reauth = (identification_t*(*)(simaka_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.card.set_reauth = (void(*)(simaka_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
this->public.destroy = (void(*)(eap_simaka_pseudonym_card_t*))destroy;
this->pseudonym = hashtable_create((void*)hash, (void*)equals, 0);

6
src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
View File

@ -21,7 +21,7 @@
#ifndef EAP_SIMAKA_PSEUDONYM_CARD_H_
#define EAP_SIMAKA_PSEUDONYM_CARD_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_card.h>
typedef struct eap_simaka_pseudonym_card_t eap_simaka_pseudonym_card_t;
@ -31,9 +31,9 @@ typedef struct eap_simaka_pseudonym_card_t eap_simaka_pseudonym_card_t;
struct eap_simaka_pseudonym_card_t {
/**
* Implements sim_card_t interface
* Implements simaka_card_t interface
*/
sim_card_t card;
simaka_card_t card;
/**
* Destroy a eap_simaka_pseudonym_card_t.

32
src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
View File

@ -51,8 +51,20 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, destroy, void,
private_eap_simaka_pseudonym_t *this)
{
charon->sim->remove_card(charon->sim, &this->card->card);
charon->sim->remove_provider(charon->sim, &this->provider->provider);
simaka_manager_t *mgr;
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
this->card->destroy(this->card);
this->provider->destroy(this->provider);
free(this);
@ -64,6 +76,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *eap_simaka_pseudonym_plugin_create()
{
private_eap_simaka_pseudonym_t *this;
simaka_manager_t *mgr;
INIT(this,
.public = {
@ -83,9 +96,18 @@ plugin_t *eap_simaka_pseudonym_plugin_create()
}
this->card = eap_simaka_pseudonym_card_create();
charon->sim->add_card(charon->sim, &this->card->card);
charon->sim->add_provider(charon->sim, &this->provider->provider);
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
return &this->public.plugin;
}

18
src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
View File

@ -62,7 +62,7 @@ static bool equals(identification_t *key1, identification_t *key2)
}
/**
* Implementation of sim_provider_t.is_pseudonym
* Implementation of simaka_provider_t.is_pseudonym
*/
static identification_t* is_pseudonym(
private_eap_simaka_pseudonym_provider_t *this, identification_t *id)
@ -92,7 +92,7 @@ static identification_t *gen_identity(
}
/**
* Implementation of sim_provider_t.get_pseudonym
* Implementation of simaka_provider_t.get_pseudonym
*/
static identification_t* gen_pseudonym(
private_eap_simaka_pseudonym_provider_t *this, identification_t *id)
@ -159,13 +159,13 @@ eap_simaka_pseudonym_provider_t *eap_simaka_pseudonym_provider_create()
this = malloc_thing(private_eap_simaka_pseudonym_provider_t);
this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))is_pseudonym;
this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))gen_pseudonym;
this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
this->public.provider.get_triplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
this->public.provider.resync = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.provider.is_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))is_pseudonym;
this->public.provider.gen_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))gen_pseudonym;
this->public.provider.is_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.provider.gen_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
this->public.destroy = (void(*)(eap_simaka_pseudonym_provider_t*))destroy;
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);

6
src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
View File

@ -21,7 +21,7 @@
#ifndef EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
#define EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_provider.h>
typedef struct eap_simaka_pseudonym_provider_t eap_simaka_pseudonym_provider_t;
@ -31,9 +31,9 @@ typedef struct eap_simaka_pseudonym_provider_t eap_simaka_pseudonym_provider_t;
struct eap_simaka_pseudonym_provider_t {
/**
* Implements sim_provider_t interface.
* Implements simaka_provider_t interface.
*/
sim_provider_t provider;
simaka_provider_t provider;
/**
* Destroy a eap_simaka_pseudonym_provider_t.

2
src/libcharon/plugins/eap_simaka_reauth/Makefile.am
View File

@ -1,6 +1,6 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic

20
src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
View File

@ -67,7 +67,7 @@ static bool equals(identification_t *key1, identification_t *key2)
}
/**
* Implementation of sim_card_t.get_reauth
* Implementation of simaka_card_t.get_reauth
*/
static identification_t *get_reauth(private_eap_simaka_reauth_card_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
@ -91,7 +91,7 @@ static identification_t *get_reauth(private_eap_simaka_reauth_card_t *this,
}
/**
* Implementation of sim_card_t.set_reauth
* Implementation of simaka_card_t.set_reauth
*/
static void set_reauth(private_eap_simaka_reauth_card_t *this,
identification_t *id, identification_t* next,
@ -116,7 +116,7 @@ static void set_reauth(private_eap_simaka_reauth_card_t *this,
}
/**
* Implementation of sim_card_t.get_quintuplet
* Implementation of simaka_card_t.get_quintuplet
*/
static status_t get_quintuplet()
{
@ -154,13 +154,13 @@ eap_simaka_reauth_card_t *eap_simaka_reauth_card_create()
this = malloc_thing(private_eap_simaka_reauth_card_t);
this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_null;
this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet;
this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null;
this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop;
this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))get_reauth;
this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))set_reauth;
this->public.card.get_triplet = (bool(*)(simaka_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_null;
this->public.card.get_quintuplet = (status_t(*)(simaka_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet;
this->public.card.resync = (bool(*)(simaka_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.card.get_pseudonym = (identification_t*(*)(simaka_card_t*, identification_t *perm))return_null;
this->public.card.set_pseudonym = (void(*)(simaka_card_t*, identification_t *id, identification_t *pseudonym))nop;
this->public.card.get_reauth = (identification_t*(*)(simaka_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))get_reauth;
this->public.card.set_reauth = (void(*)(simaka_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))set_reauth;
this->public.destroy = (void(*)(eap_simaka_reauth_card_t*))destroy;
this->reauth = hashtable_create((void*)hash, (void*)equals, 0);

6
src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
View File

@ -21,7 +21,7 @@
#ifndef EAP_SIMAKA_REAUTH_CARD_H_
#define EAP_SIMAKA_REAUTH_CARD_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_provider.h>
typedef struct eap_simaka_reauth_card_t eap_simaka_reauth_card_t;
@ -31,9 +31,9 @@ typedef struct eap_simaka_reauth_card_t eap_simaka_reauth_card_t;
struct eap_simaka_reauth_card_t {
/**
* Implements sim_card_t interface
* Implements simaka_card_t interface
*/
sim_card_t card;
simaka_card_t card;
/**
* Destroy a eap_simaka_reauth_card_t.

32
src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
View File

@ -51,8 +51,20 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, destroy, void,
private_eap_simaka_reauth_t *this)
{
charon->sim->remove_card(charon->sim, &this->card->card);
charon->sim->remove_provider(charon->sim, &this->provider->provider);
simaka_manager_t *mgr;
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
this->card->destroy(this->card);
this->provider->destroy(this->provider);
free(this);
@ -64,6 +76,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *eap_simaka_reauth_plugin_create()
{
private_eap_simaka_reauth_t *this;
simaka_manager_t *mgr;
INIT(this,
.public = {
@ -83,9 +96,18 @@ plugin_t *eap_simaka_reauth_plugin_create()
}
this->card = eap_simaka_reauth_card_create();
charon->sim->add_card(charon->sim, &this->card->card);
charon->sim->add_provider(charon->sim, &this->provider->provider);
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
return &this->public.plugin;
}

18
src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
View File

@ -88,7 +88,7 @@ static identification_t *gen_identity(private_eap_simaka_reauth_provider_t *this
}
/**
* Implementation of sim_provider_t.is_reauth
* Implementation of simaka_provider_t.is_reauth
*/
static identification_t *is_reauth(private_eap_simaka_reauth_provider_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
@ -115,7 +115,7 @@ static identification_t *is_reauth(private_eap_simaka_reauth_provider_t *this,
}
/**
* Implementation of sim_provider_t.gen_reauth
* Implementation of simaka_provider_t.gen_reauth
*/
static identification_t *gen_reauth(private_eap_simaka_reauth_provider_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1])
@ -186,13 +186,13 @@ eap_simaka_reauth_provider_t *eap_simaka_reauth_provider_create()
{
private_eap_simaka_reauth_provider_t *this = malloc_thing(private_eap_simaka_reauth_provider_t);
this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))is_reauth;
this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))gen_reauth;
this->public.provider.get_triplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
this->public.provider.resync = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.provider.is_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))return_null;
this->public.provider.gen_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))return_null;
this->public.provider.is_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))is_reauth;
this->public.provider.gen_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))gen_reauth;
this->public.destroy = (void(*)(eap_simaka_reauth_provider_t*))destroy;
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);

6
src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
View File

@ -21,7 +21,7 @@
#ifndef EAP_SIMAKA_REAUTH_PROVIDER_H_
#define EAP_SIMAKA_REAUTH_PROVIDER_H_
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_provider.h>
typedef struct eap_simaka_reauth_provider_t eap_simaka_reauth_provider_t;
@ -31,9 +31,9 @@ typedef struct eap_simaka_reauth_provider_t eap_simaka_reauth_provider_t;
struct eap_simaka_reauth_provider_t {
/**
* Implements sim_provider_t interface.
* Implements simaka_provider_t interface.
*/
sim_provider_t provider;
simaka_provider_t provider;
/**
* Destroy a eap_simaka_reauth_provider_t.

2
src/libcharon/plugins/eap_simaka_sql/Makefile.am
View File

@ -1,6 +1,6 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon
-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"

4
src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.c
View File

@ -42,7 +42,7 @@ struct private_eap_simaka_sql_card_t {
bool remove_used;
};
METHOD(sim_card_t, get_triplet, bool,
METHOD(simaka_card_t, get_triplet, bool,
private_eap_simaka_sql_card_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{
@ -90,7 +90,7 @@ METHOD(sim_card_t, get_triplet, bool,
return found;
}
METHOD(sim_card_t, get_quintuplet, status_t,
METHOD(simaka_card_t, get_quintuplet, status_t,
private_eap_simaka_sql_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN],
char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len)

6
src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.h
View File

@ -22,7 +22,7 @@
#define EAP_SIMAKA_SQL_CARD_H_
#include <database/database.h>
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_manager.h>
typedef struct eap_simaka_sql_card_t eap_simaka_sql_card_t;
@ -32,9 +32,9 @@ typedef struct eap_simaka_sql_card_t eap_simaka_sql_card_t;
struct eap_simaka_sql_card_t {
/**
* Implements sim_card_t interface
* Implements simaka_card_t interface
*/
sim_card_t card;
simaka_card_t card;
/**
* Destroy a eap_simaka_sql_card_t.

32
src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
View File

@ -56,8 +56,20 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, destroy, void,
private_eap_simaka_sql_t *this)
{
charon->sim->remove_card(charon->sim, &this->card->card);
charon->sim->remove_provider(charon->sim, &this->provider->provider);
simaka_manager_t *mgr;
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->remove_card(mgr, &this->card->card);
mgr->remove_provider(mgr, &this->provider->provider);
}
this->card->destroy(this->card);
this->provider->destroy(this->provider);
this->db->destroy(this->db);
@ -70,6 +82,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *eap_simaka_sql_plugin_create()
{
private_eap_simaka_sql_t *this;
simaka_manager_t *mgr;
database_t *db;
bool remove_used;
char *uri;
@ -103,8 +116,17 @@ plugin_t *eap_simaka_sql_plugin_create()
.card = eap_simaka_sql_card_create(db, remove_used),
);
charon->sim->add_card(charon->sim, &this->card->card);
charon->sim->add_provider(charon->sim, &this->provider->provider);
mgr = lib->get(lib, "sim-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
mgr = lib->get(lib, "aka-manager");
if (mgr)
{
mgr->add_card(mgr, &this->card->card);
mgr->add_provider(mgr, &this->provider->provider);
}
return &this->public.plugin;
}

4
src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_provider.c
View File

@ -42,7 +42,7 @@ struct private_eap_simaka_sql_provider_t {
bool remove_used;
};
METHOD(sim_provider_t, get_triplet, bool,
METHOD(simaka_provider_t, get_triplet, bool,
private_eap_simaka_sql_provider_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{
@ -90,7 +90,7 @@ METHOD(sim_provider_t, get_triplet, bool,
return found;
}
METHOD(sim_provider_t, get_quintuplet, bool,
METHOD(simaka_provider_t, get_quintuplet, bool,
private_eap_simaka_sql_provider_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len,
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN])

6
src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_provider.h
View File

@ -22,7 +22,7 @@
#define EAP_SIMAKA_SQL_PROVIDER_H_
#include <database/database.h>
#include <sa/authenticators/eap/sim_manager.h>
#include <simaka_provider.h>
typedef struct eap_simaka_sql_provider_t eap_simaka_sql_provider_t;
@ -32,9 +32,9 @@ typedef struct eap_simaka_sql_provider_t eap_simaka_sql_provider_t;
struct eap_simaka_sql_provider_t {
/**
* Implements sim_provider_t interface
* Implements simaka_provider_t interface
*/
sim_provider_t provider;
simaka_provider_t provider;
/**
* Destroy a eap_simaka_sql_provider_t.

3
src/libsimaka/Makefile.am
View File

@ -3,4 +3,5 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(to
ipseclib_LTLIBRARIES = libsimaka.la
libsimaka_la_SOURCES = simaka_message.h simaka_message.c \
simaka_crypto.h simaka_crypto.c
simaka_crypto.h simaka_crypto.c simaka_manager.h simaka_manager.c \
simaka_card.h simaka_provider.h simaka_hooks.h

34
src/libcharon/sa/authenticators/eap/sim_card.h → src/libsimaka/simaka_card.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2009 Martin Willi
* Copyright (C) 2008-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -14,14 +14,18 @@
*/
/**
* @defgroup sim_card sim_card
* @{ @ingroup eap
* @defgroup simaka_card simaka_card
* @{ @ingroup libsimaka
*/
#ifndef SIM_CARD_H_
#define SIM_CARD_H_
#ifndef SIMAKA_CARD_H_
#define SIMAKA_CARD_H_
typedef struct sim_card_t sim_card_t;
typedef struct simaka_card_t simaka_card_t;
#include "simaka_manager.h"
#include <utils/identification.h>
/**
* Interface for a (U)SIM card (used as EAP client).
@ -31,7 +35,7 @@ typedef struct sim_card_t sim_card_t;
* An implementation supporting only one of SIM/AKA authentication may
* implement the other methods with return_false()/return NOT_SUPPORTED/NULL.
*/
struct sim_card_t {
struct simaka_card_t {
/**
* Calculate SRES/KC from a RAND for SIM authentication.
@ -42,7 +46,7 @@ struct sim_card_t {
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if SRES/KC calculated, FALSE on error/wrong identity
*/
bool (*get_triplet)(sim_card_t *this, identification_t *id,
bool (*get_triplet)(simaka_card_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
@ -65,7 +69,7 @@ struct sim_card_t {
* @param res_len nubmer of bytes written to res buffer
* @return SUCCESS, FAILED, or INVALID_STATE if out of sync
*/
status_t (*get_quintuplet)(sim_card_t *this, identification_t *id,
status_t (*get_quintuplet)(simaka_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN],
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
char res[AKA_RES_MAX], int *res_len);
@ -78,7 +82,7 @@ struct sim_card_t {
* @param auts resynchronization parameter auts
* @return TRUE if parameter generated successfully
*/
bool (*resync)(sim_card_t *this, identification_t *id,
bool (*resync)(simaka_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
/**
@ -87,7 +91,7 @@ struct sim_card_t {
* @param id permanent identity of the peer
* @param pseudonym pseudonym identity received from the server
*/
void (*set_pseudonym)(sim_card_t *this, identification_t *id,
void (*set_pseudonym)(simaka_card_t *this, identification_t *id,
identification_t *pseudonym);
/**
@ -96,7 +100,7 @@ struct sim_card_t {
* @param id permanent identity of the peer
* @return associated pseudonym identity, NULL if none stored
*/
identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *id);
identification_t* (*get_pseudonym)(simaka_card_t *this, identification_t *id);
/**
* Store parameters to use for the next fast reauthentication.
@ -106,7 +110,7 @@ struct sim_card_t {
* @param mk master key MK to store for reauthentication
* @param counter counter value to store, host order
*/
void (*set_reauth)(sim_card_t *this, identification_t *id,
void (*set_reauth)(simaka_card_t *this, identification_t *id,
identification_t *next, char mk[HASH_SIZE_SHA1],
u_int16_t counter);
@ -118,8 +122,8 @@ struct sim_card_t {
* @param counter pointer receiving counter value, in host order
* @return fast reauthentication identity, NULL if not found
*/
identification_t* (*get_reauth)(sim_card_t *this, identification_t *id,
identification_t* (*get_reauth)(simaka_card_t *this, identification_t *id,
char mk[HASH_SIZE_SHA1], u_int16_t *counter);
};
#endif /** SIM_CARD_H_ @}*/
#endif /** SIMAKA_CARD_H_ @}*/

48
src/libsimaka/simaka_crypto.c
View File

@ -15,7 +15,9 @@
#include "simaka_crypto.h"
#include <daemon.h>
#include "simaka_manager.h"
#include <debug.h>
/** length of the k_encr key */
#define KENCR_LEN 16
@ -38,6 +40,11 @@ struct private_simaka_crypto_t {
*/
simaka_crypto_t public;
/**
* EAP type this crypto is used, SIM or AKA
*/
eap_type_t type;
/**
* signer to create/verify AT_MAC
*/
@ -93,6 +100,27 @@ static rng_t* get_rng(private_simaka_crypto_t *this)
return this->rng;
}
/**
* Call SIM/AKA key hook
*/
static void call_hook(private_simaka_crypto_t *this, chunk_t encr, chunk_t auth)
{
simaka_manager_t *mgr;
switch (this->type)
{
case EAP_SIM:
mgr = lib->get(lib, "sim-manager");
break;
case EAP_AKA:
mgr = lib->get(lib, "aka-manager");
break;
default:
return;
}
mgr->key_hook(mgr, encr, auth);
}
/**
* Implementation of simaka_crypto_t.derive_keys_full
*/
@ -106,7 +134,7 @@ static chunk_t derive_keys_full(private_simaka_crypto_t *this,
* For AKA: MK = SHA1(Identity|IK|CK) */
this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
this->hasher->allocate_hash(this->hasher, data, mk);
DBG3(DBG_IKE, "MK %B", mk);
DBG3(DBG_LIB, "MK %B", mk);
/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
this->prf->set_key(this->prf, *mk);
@ -119,12 +147,12 @@ static chunk_t derive_keys_full(private_simaka_crypto_t *this,
k_encr = chunk_create(str.ptr, KENCR_LEN);
k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
DBG3(DBG_IKE, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
this->signer->set_key(this->signer, k_auth);
this->crypter->set_key(this->crypter, k_encr);
charon->sim->key_hook(charon->sim, k_encr, k_auth);
call_hook(this, k_encr, k_auth);
this->derived = TRUE;
return chunk_clone(msk);
@ -147,12 +175,12 @@ static void derive_keys_reauth(private_simaka_crypto_t *this, chunk_t mk)
}
k_encr = chunk_create(str.ptr, KENCR_LEN);
k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
DBG3(DBG_IKE, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
this->signer->set_key(this->signer, k_auth);
this->crypter->set_key(this->crypter, k_encr);
charon->sim->key_hook(charon->sim, k_encr, k_auth);
call_hook(this, k_encr, k_auth);
this->derived = TRUE;
}
@ -181,7 +209,7 @@ static chunk_t derive_keys_reauth_msk(private_simaka_crypto_t *this,
this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
}
msk = chunk_create(str.ptr, MSK_LEN);
DBG3(DBG_IKE, "MSK %B", &msk);
DBG3(DBG_LIB, "MSK %B", &msk);
return chunk_clone(msk);
}
@ -210,7 +238,7 @@ static void destroy(private_simaka_crypto_t *this)
/**
* See header
*/
simaka_crypto_t *simaka_crypto_create()
simaka_crypto_t *simaka_crypto_create(eap_type_t type)
{
private_simaka_crypto_t *this = malloc_thing(private_simaka_crypto_t);
@ -223,6 +251,7 @@ simaka_crypto_t *simaka_crypto_create()
this->public.clear_keys = (void(*)(simaka_crypto_t*))clear_keys;
this->public.destroy = (void(*)(simaka_crypto_t*))destroy;
this->type = type;
this->derived = FALSE;
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
@ -232,7 +261,8 @@ simaka_crypto_t *simaka_crypto_create()
if (!this->rng || !this->hasher || !this->prf ||
!this->signer || !this->crypter)
{
DBG1(DBG_IKE, "unable to use EAP-SIM, missing algorithms");
DBG1(DBG_LIB, "unable to use %N, missing algorithms",
eap_type_names, type);
destroy(this);
return NULL;
}

22
src/libcharon/sa/authenticators/eap/sim_hooks.h → src/libsimaka/simaka_hooks.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2009 Martin Willi
* Copyright (C) 2008-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -14,19 +14,21 @@
*/
/**
* @defgroup sim_hooks sim_hooks
* @{ @ingroup eap
* @defgroup simaka_hooks simaka_hooks
* @{ @ingroup libsimaka
*/
#ifndef SIM_HOOKS_H_
#define SIM_HOOKS_H_
#ifndef SIMAKA_HOOKS_H_
#define SIMAKA_HOOKS_H_
typedef struct sim_hooks_t sim_hooks_t;
typedef struct simaka_hooks_t simaka_hooks_t;
#include "simaka_message.h"
/**
* Additional hooks invoked during EAP-SIM/AKA message processing.
*/
struct sim_hooks_t {
struct simaka_hooks_t {
/**
* SIM/AKA message parsing.
@ -38,7 +40,7 @@ struct sim_hooks_t {
* @param inbound TRUE for incoming messages, FALSE for outgoing
* @param decrypted TRUE if AT_ENCR_DATA has been decrypted
*/
void (*message)(sim_hooks_t *this, simaka_message_t *message,
void (*message)(simaka_hooks_t *this, simaka_message_t *message,
bool inbound, bool decrypted);
/**
@ -47,7 +49,7 @@ struct sim_hooks_t {
* @param k_encr derived SIM/AKA encryption key k_encr
* @param k_auth derived SIM/AKA authentication key k_auth
*/
void (*keys)(sim_hooks_t *this, chunk_t k_encr, chunk_t k_auth);
void (*keys)(simaka_hooks_t *this, chunk_t k_encr, chunk_t k_auth);
};
#endif /** SIM_HOOKS_H_ @}*/
#endif /** SIMAKA_HOOKS_H_ @}*/

173
src/libcharon/sa/authenticators/eap/sim_manager.c → src/libsimaka/simaka_manager.c
View File

@ -13,23 +13,23 @@
* for more details.
*/
#include "sim_manager.h"
#include "simaka_manager.h"
#include <daemon.h>
#include <debug.h>
#include <utils/linked_list.h>
#include <threading/rwlock.h>
typedef struct private_sim_manager_t private_sim_manager_t;
typedef struct private_simaka_manager_t private_simaka_manager_t;
/**
* Private data of an sim_manager_t object.
* Private data of an simaka_manager_t object.
*/
struct private_sim_manager_t {
struct private_simaka_manager_t {
/**
* Public sim_manager_t interface.
* Public simaka_manager_t interface.
*/
sim_manager_t public;
simaka_manager_t public;
/**
* list of added cards
@ -52,28 +52,28 @@ struct private_sim_manager_t {
rwlock_t *lock;
};
METHOD(sim_manager_t, add_card, void,
private_sim_manager_t *this, sim_card_t *card)
METHOD(simaka_manager_t, add_card, void,
private_simaka_manager_t *this, simaka_card_t *card)
{
this->lock->write_lock(this->lock);
this->cards->insert_last(this->cards, card);
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, remove_card, void,
private_sim_manager_t *this, sim_card_t *card)
METHOD(simaka_manager_t, remove_card, void,
private_simaka_manager_t *this, simaka_card_t *card)
{
this->lock->write_lock(this->lock);
this->cards->remove(this->cards, card, NULL);
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, card_get_triplet, bool,
private_sim_manager_t *this, identification_t *id,
METHOD(simaka_manager_t, card_get_triplet, bool,
private_simaka_manager_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
int tried = 0;
this->lock->read_lock(this->lock);
@ -90,18 +90,18 @@ METHOD(sim_manager_t, card_get_triplet, bool,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
DBG1(DBG_IKE, "tried %d SIM cards, but none has triplets for '%Y'",
DBG1(DBG_LIB, "tried %d SIM cards, but none has triplets for '%Y'",
tried, id);
return FALSE;
}
METHOD(sim_manager_t, card_get_quintuplet, status_t,
private_sim_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN],
METHOD(simaka_manager_t, card_get_quintuplet, status_t,
private_simaka_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN],
char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
char res[AKA_RES_MAX], int *res_len)
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
status_t status = NOT_FOUND;
int tried = 0;
@ -126,17 +126,17 @@ METHOD(sim_manager_t, card_get_quintuplet, status_t,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
DBG1(DBG_IKE, "tried %d SIM cards, but none has quintuplets for '%Y'",
DBG1(DBG_LIB, "tried %d SIM cards, but none has quintuplets for '%Y'",
tried, id);
return status;
}
METHOD(sim_manager_t, card_resync, bool,
private_sim_manager_t *this, identification_t *id,
METHOD(simaka_manager_t, card_resync, bool,
private_simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN])
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
this->lock->read_lock(this->lock);
enumerator = this->cards->create_enumerator(this->cards);
@ -154,14 +154,14 @@ METHOD(sim_manager_t, card_resync, bool,
return FALSE;
}
METHOD(sim_manager_t, card_set_pseudonym, void,
private_sim_manager_t *this, identification_t *id,
METHOD(simaka_manager_t, card_set_pseudonym, void,
private_simaka_manager_t *this, identification_t *id,
identification_t *pseudonym)
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
DBG1(DBG_IKE, "storing pseudonym '%Y' for '%Y'", pseudonym, id);
DBG1(DBG_LIB, "storing pseudonym '%Y' for '%Y'", pseudonym, id);
this->lock->read_lock(this->lock);
enumerator = this->cards->create_enumerator(this->cards);
@ -173,11 +173,11 @@ METHOD(sim_manager_t, card_set_pseudonym, void,
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, card_get_pseudonym, identification_t*,
private_sim_manager_t *this, identification_t *id)
METHOD(simaka_manager_t, card_get_pseudonym, identification_t*,
private_simaka_manager_t *this, identification_t *id)
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
identification_t *pseudonym = NULL;
this->lock->read_lock(this->lock);
@ -187,7 +187,7 @@ METHOD(sim_manager_t, card_get_pseudonym, identification_t*,
pseudonym = card->get_pseudonym(card, id);
if (pseudonym)
{
DBG1(DBG_IKE, "using stored pseudonym identity '%Y' "
DBG1(DBG_LIB, "using stored pseudonym identity '%Y' "
"instead of '%Y'", pseudonym, id);
break;
}
@ -197,14 +197,14 @@ METHOD(sim_manager_t, card_get_pseudonym, identification_t*,
return pseudonym;
}
METHOD(sim_manager_t, card_set_reauth, void,
private_sim_manager_t *this, identification_t *id, identification_t *next,
METHOD(simaka_manager_t, card_set_reauth, void,
private_simaka_manager_t *this, identification_t *id, identification_t *next,
char mk[HASH_SIZE_SHA1], u_int16_t counter)
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
DBG1(DBG_IKE, "storing next reauthentication identity '%Y' for '%Y'",
DBG1(DBG_LIB, "storing next reauthentication identity '%Y' for '%Y'",
next, id);
this->lock->read_lock(this->lock);
@ -217,12 +217,12 @@ METHOD(sim_manager_t, card_set_reauth, void,
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, card_get_reauth, identification_t*,
private_sim_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1],
METHOD(simaka_manager_t, card_get_reauth, identification_t*,
private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1],
u_int16_t *counter)
{
enumerator_t *enumerator;
sim_card_t *card;
simaka_card_t *card;
identification_t *reauth = NULL;
this->lock->read_lock(this->lock);
@ -232,7 +232,7 @@ METHOD(sim_manager_t, card_get_reauth, identification_t*,
reauth = card->get_reauth(card, id, mk, counter);
if (reauth)
{
DBG1(DBG_IKE, "using stored reauthentication identity '%Y' "
DBG1(DBG_LIB, "using stored reauthentication identity '%Y' "
"instead of '%Y'", reauth, id);
break;
}
@ -242,28 +242,28 @@ METHOD(sim_manager_t, card_get_reauth, identification_t*,
return reauth;
}
METHOD(sim_manager_t, add_provider, void,
private_sim_manager_t *this, sim_provider_t *provider)
METHOD(simaka_manager_t, add_provider, void,
private_simaka_manager_t *this, simaka_provider_t *provider)
{
this->lock->write_lock(this->lock);
this->providers->insert_last(this->providers, provider);
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, remove_provider, void,
private_sim_manager_t *this, sim_provider_t *provider)
METHOD(simaka_manager_t, remove_provider, void,
private_simaka_manager_t *this, simaka_provider_t *provider)
{
this->lock->write_lock(this->lock);
this->providers->remove(this->providers, provider, NULL);
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, provider_get_triplet, bool,
private_sim_manager_t *this, identification_t *id, char rand[SIM_RAND_LEN],
char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
METHOD(simaka_manager_t, provider_get_triplet, bool,
private_simaka_manager_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN])
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
int tried = 0;
this->lock->read_lock(this->lock);
@ -280,18 +280,18 @@ METHOD(sim_manager_t, provider_get_triplet, bool,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
DBG1(DBG_IKE, "tried %d SIM providers, but none had a triplet for '%Y'",
DBG1(DBG_LIB, "tried %d SIM providers, but none had a triplet for '%Y'",
tried, id);
return FALSE;
}
METHOD(sim_manager_t, provider_get_quintuplet, bool,
private_sim_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN],
char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN],
char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN])
METHOD(simaka_manager_t, provider_get_quintuplet, bool,
private_simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len,
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN])
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
int tried = 0;
this->lock->read_lock(this->lock);
@ -308,17 +308,17 @@ METHOD(sim_manager_t, provider_get_quintuplet, bool,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
DBG1(DBG_IKE, "tried %d SIM providers, but none had a quintuplet for '%Y'",
DBG1(DBG_LIB, "tried %d SIM providers, but none had a quintuplet for '%Y'",
tried, id);
return FALSE;
}
METHOD(sim_manager_t, provider_resync, bool,
private_sim_manager_t *this, identification_t *id,
METHOD(simaka_manager_t, provider_resync, bool,
private_simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN])
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers);
@ -336,11 +336,11 @@ METHOD(sim_manager_t, provider_resync, bool,
return FALSE;
}
METHOD(sim_manager_t, provider_is_pseudonym, identification_t*,
private_sim_manager_t *this, identification_t *id)
METHOD(simaka_manager_t, provider_is_pseudonym, identification_t*,
private_simaka_manager_t *this, identification_t *id)
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
identification_t *permanent = NULL;
this->lock->read_lock(this->lock);
@ -350,7 +350,7 @@ METHOD(sim_manager_t, provider_is_pseudonym, identification_t*,
permanent = provider->is_pseudonym(provider, id);
if (permanent)
{
DBG1(DBG_IKE, "received pseudonym identity '%Y' "
DBG1(DBG_LIB, "received pseudonym identity '%Y' "
"mapping to '%Y'", id, permanent);
break;
}
@ -360,11 +360,11 @@ METHOD(sim_manager_t, provider_is_pseudonym, identification_t*,
return permanent;
}
METHOD(sim_manager_t, provider_gen_pseudonym, identification_t*,
private_sim_manager_t *this, identification_t *id)
METHOD(simaka_manager_t, provider_gen_pseudonym, identification_t*,
private_simaka_manager_t *this, identification_t *id)
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
identification_t *pseudonym = NULL;
this->lock->read_lock(this->lock);
@ -374,7 +374,7 @@ METHOD(sim_manager_t, provider_gen_pseudonym, identification_t*,
pseudonym = provider->gen_pseudonym(provider, id);
if (pseudonym)
{
DBG1(DBG_IKE, "proposing new pseudonym '%Y'", pseudonym);
DBG1(DBG_LIB, "proposing new pseudonym '%Y'", pseudonym);
break;
}
}
@ -383,12 +383,12 @@ METHOD(sim_manager_t, provider_gen_pseudonym, identification_t*,
return pseudonym;
}
METHOD(sim_manager_t, provider_is_reauth, identification_t*,
private_sim_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1],
METHOD(simaka_manager_t, provider_is_reauth, identification_t*,
private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1],
u_int16_t *counter)
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
identification_t *permanent = NULL;
this->lock->read_lock(this->lock);
@ -398,7 +398,7 @@ METHOD(sim_manager_t, provider_is_reauth, identification_t*,
permanent = provider->is_reauth(provider, id, mk, counter);
if (permanent)
{
DBG1(DBG_IKE, "received reauthentication identity '%Y' "
DBG1(DBG_LIB, "received reauthentication identity '%Y' "
"mapping to '%Y'", id, permanent);
break;
}
@ -408,11 +408,11 @@ METHOD(sim_manager_t, provider_is_reauth, identification_t*,
return permanent;
}
METHOD(sim_manager_t, provider_gen_reauth, identification_t*,
private_sim_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1])
METHOD(simaka_manager_t, provider_gen_reauth, identification_t*,
private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1])
{
enumerator_t *enumerator;
sim_provider_t *provider;
simaka_provider_t *provider;
identification_t *reauth = NULL;
this->lock->read_lock(this->lock);
@ -422,7 +422,7 @@ METHOD(sim_manager_t, provider_gen_reauth, identification_t*,
reauth = provider->gen_reauth(provider, id, mk);
if (reauth)
{
DBG1(DBG_IKE, "proposing new reauthentication identity '%Y'", reauth);
DBG1(DBG_LIB, "proposing new reauthentication identity '%Y'", reauth);
break;
}
}
@ -431,28 +431,28 @@ METHOD(sim_manager_t, provider_gen_reauth, identification_t*,
return reauth;
}
METHOD(sim_manager_t, add_hooks, void,
private_sim_manager_t *this, sim_hooks_t *hooks)
METHOD(simaka_manager_t, add_hooks, void,
private_simaka_manager_t *this, simaka_hooks_t *hooks)
{
this->lock->write_lock(this->lock);
this->hooks->insert_last(this->hooks, hooks);
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, remove_hooks, void,
private_sim_manager_t *this, sim_hooks_t *hooks)
METHOD(simaka_manager_t, remove_hooks, void,
private_simaka_manager_t *this, simaka_hooks_t *hooks)
{
this->lock->write_lock(this->lock);
this->hooks->remove(this->hooks, hooks, NULL);
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, message_hook, void,
private_sim_manager_t *this, simaka_message_t *message,
METHOD(simaka_manager_t, message_hook, void,
private_simaka_manager_t *this, simaka_message_t *message,
bool inbound, bool decrypted)
{
enumerator_t *enumerator;
sim_hooks_t *hooks;
simaka_hooks_t *hooks;
this->lock->read_lock(this->lock);
enumerator = this->hooks->create_enumerator(this->hooks);
@ -464,11 +464,11 @@ METHOD(sim_manager_t, message_hook, void,
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, key_hook, void,
private_sim_manager_t *this, chunk_t k_encr, chunk_t k_auth)
METHOD(simaka_manager_t, key_hook, void,
private_simaka_manager_t *this, chunk_t k_encr, chunk_t k_auth)
{
enumerator_t *enumerator;
sim_hooks_t *hooks;
simaka_hooks_t *hooks;
this->lock->read_lock(this->lock);
enumerator = this->hooks->create_enumerator(this->hooks);
@ -480,8 +480,8 @@ METHOD(sim_manager_t, key_hook, void,
this->lock->unlock(this->lock);
}
METHOD(sim_manager_t, destroy, void,
private_sim_manager_t *this)
METHOD(simaka_manager_t, destroy, void,
private_simaka_manager_t *this)
{
this->cards->destroy(this->cards);
this->providers->destroy(this->providers);
@ -493,9 +493,9 @@ METHOD(sim_manager_t, destroy, void,
/**
* See header
*/
sim_manager_t *sim_manager_create()
simaka_manager_t *simaka_manager_create()
{
private_sim_manager_t *this;
private_simaka_manager_t *this;
INIT(this,
.public = {
@ -531,4 +531,3 @@ sim_manager_t *sim_manager_create()
return &this->public;
}

78
src/libcharon/sa/authenticators/eap/sim_manager.h → src/libsimaka/simaka_manager.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2009 Martin Willi
* Copyright (C) 2008-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -14,22 +14,18 @@
*/
/**
* @defgroup sim_manager sim_manager
* @{ @ingroup eap
* @defgroup simaka_manager simaka_manager
* @{ @ingroup libsimaka
*/
#ifndef SIM_MANAGER_H_
#define SIM_MANAGER_H_
#ifndef SIMAKA_MANAGER_H_
#define SIMAKA_MANAGER_H_
#include <crypto/hashers/hasher.h>
#include <utils/identification.h>
#include <utils/enumerator.h>
#include <sa/authenticators/eap/eap_method.h>
typedef struct sim_manager_t sim_manager_t;
/** implemented in libsimaka, but we need it for the message hook */
typedef struct simaka_message_t simaka_message_t;
typedef struct simaka_manager_t simaka_manager_t;
#define SIM_RAND_LEN 16
#define SIM_SRES_LEN 4
@ -42,28 +38,28 @@ typedef struct simaka_message_t simaka_message_t;
#define AKA_AUTN_LEN 16
#define AKA_AUTS_LEN 14
#include <sa/authenticators/eap/sim_card.h>
#include <sa/authenticators/eap/sim_provider.h>
#include <sa/authenticators/eap/sim_hooks.h>
#include "simaka_card.h"
#include "simaka_provider.h"
#include "simaka_hooks.h"
/**
* The SIM manager handles multiple (U)SIM cards/providers and hooks.
*/
struct sim_manager_t {
struct simaka_manager_t {
/**
* Register a SIM card (client) at the manager.
*
* @param card sim card to register
*/
void (*add_card)(sim_manager_t *this, sim_card_t *card);
void (*add_card)(simaka_manager_t *this, simaka_card_t *card);
/**
* Unregister a previously registered card from the manager.
*
* @param card sim card to unregister
*/
void (*remove_card)(sim_manager_t *this, sim_card_t *card);
void (*remove_card)(simaka_manager_t *this, simaka_card_t *card);
/**
* Calculate SIM triplets on one of the registered SIM cards.
@ -74,7 +70,7 @@ struct sim_manager_t {
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if calculated, FALSE if no matching card found
*/
bool (*card_get_triplet)(sim_manager_t *this, identification_t *id,
bool (*card_get_triplet)(simaka_manager_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
@ -90,7 +86,7 @@ struct sim_manager_t {
* @param res_len nubmer of bytes written to res buffer
* @return SUCCESS, FAILED, or INVALID_STATE if out of sync
*/
status_t (*card_get_quintuplet)(sim_manager_t *this, identification_t *id,
status_t (*card_get_quintuplet)(simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN],
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
char res[AKA_RES_MAX], int *res_len);
@ -103,7 +99,7 @@ struct sim_manager_t {
* @param auts resynchronization parameter auts
* @return TRUE if calculated, FALSE if no matcing card found
*/
bool (*card_resync)(sim_manager_t *this, identification_t *id,
bool (*card_resync)(simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
/**
@ -112,7 +108,7 @@ struct sim_manager_t {
* @param id permanent identity of the peer
* @param pseudonym pseudonym identity received from the server
*/
void (*card_set_pseudonym)(sim_manager_t *this, identification_t *id,
void (*card_set_pseudonym)(simaka_manager_t *this, identification_t *id,
identification_t *pseudonym);
/**
@ -121,7 +117,7 @@ struct sim_manager_t {
* @param id permanent identity of the peer
* @return associated pseudonym identity, NULL if none found
*/
identification_t* (*card_get_pseudonym)(sim_manager_t *this,
identification_t* (*card_get_pseudonym)(simaka_manager_t *this,
identification_t *id);
/**
@ -132,7 +128,7 @@ struct sim_manager_t {
* @param mk master key MK to store for reauthentication
* @param counter counter value to store, host order
*/
void (*card_set_reauth)(sim_manager_t *this, identification_t *id,
void (*card_set_reauth)(simaka_manager_t *this, identification_t *id,
identification_t *next, char mk[HASH_SIZE_SHA1],
u_int16_t counter);
@ -144,7 +140,7 @@ struct sim_manager_t {
* @param counter pointer receiving counter value, in host order
* @return fast reauthentication identity, NULL if none found
*/
identification_t* (*card_get_reauth)(sim_manager_t *this,
identification_t* (*card_get_reauth)(simaka_manager_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
u_int16_t *counter);
@ -153,14 +149,14 @@ struct sim_manager_t {
*
* @param card sim card to register
*/
void (*add_provider)(sim_manager_t *this, sim_provider_t *provider);
void (*add_provider)(simaka_manager_t *this, simaka_provider_t *provider);
/**
* Unregister a previously registered provider from the manager.
*
* @param card sim card to unregister
*/
void (*remove_provider)(sim_manager_t *this, sim_provider_t *provider);
void (*remove_provider)(simaka_manager_t *this, simaka_provider_t *provider);
/**
* Get a SIM triplet from one of the registered providers.
@ -171,7 +167,7 @@ struct sim_manager_t {
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if triplet received, FALSE if no match found
*/
bool (*provider_get_triplet)(sim_manager_t *this, identification_t *id,
bool (*provider_get_triplet)(simaka_manager_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
@ -186,7 +182,7 @@ struct sim_manager_t {
* @param autn authentication token autn
* @return TRUE if quintuplet received, FALSE if no match found
*/
bool (*provider_get_quintuplet)(sim_manager_t *this, identification_t *id,
bool (*provider_get_quintuplet)(simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN],
char xres[AKA_RES_MAX], int *xres_len,
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
@ -200,7 +196,7 @@ struct sim_manager_t {
* @param auts synchronization parameter auts
* @return TRUE if resynchronized, FALSE if not handled
*/
bool (*provider_resync)(sim_manager_t *this, identification_t *id,
bool (*provider_resync)(simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
/**
@ -209,7 +205,7 @@ struct sim_manager_t {
* @param id pseudonym identity candidate
* @return permanent identity, NULL if id not a pseudonym
*/
identification_t* (*provider_is_pseudonym)(sim_manager_t *this,
identification_t* (*provider_is_pseudonym)(simaka_manager_t *this,
identification_t *id);
/**
@ -218,7 +214,7 @@ struct sim_manager_t {
* @param id permanent identity to generate a pseudonym for
* @return generated pseudonym, NULL to not use a pseudonym identity
*/
identification_t* (*provider_gen_pseudonym)(sim_manager_t *this,
identification_t* (*provider_gen_pseudonym)(simaka_manager_t *this,
identification_t *id);
/**
@ -229,7 +225,7 @@ struct sim_manager_t {
* @param counter pointer receiving current counter value, host order
* @return permanent identity, NULL if not a known reauth identity
*/
identification_t* (*provider_is_reauth)(sim_manager_t *this,
identification_t* (*provider_is_reauth)(simaka_manager_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
u_int16_t *counter);
@ -240,7 +236,7 @@ struct sim_manager_t {
* @param mk master key to store along with generated identity
* @return fast reauthentication identity, NULL to not use reauth
*/
identification_t* (*provider_gen_reauth)(sim_manager_t *this,
identification_t* (*provider_gen_reauth)(simaka_manager_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1]);
/**
@ -248,14 +244,14 @@ struct sim_manager_t {
*
* @param hooks hook interface implementation to register
*/
void (*add_hooks)(sim_manager_t *this, sim_hooks_t *hooks);
void (*add_hooks)(simaka_manager_t *this, simaka_hooks_t *hooks);
/**
* Unregister a set of hooks from the manager.
*
* @param hooks hook interface implementation to unregister
*/
void (*remove_hooks)(sim_manager_t *this, sim_hooks_t *hooks);
void (*remove_hooks)(simaka_manager_t *this, simaka_hooks_t *hooks);
/**
* Invoke SIM/AKA message hook.
@ -264,7 +260,7 @@ struct sim_manager_t {
* @param inbound TRUE for incoming messages, FALSE for outgoing
* @param decrypted TRUE if AT_ENCR_DATA has been decrypted
*/
void (*message_hook)(sim_manager_t *this, simaka_message_t *message,
void (*message_hook)(simaka_manager_t *this, simaka_message_t *message,
bool inbound, bool decrypted);
/**
@ -273,19 +269,19 @@ struct sim_manager_t {
* @param k_encr SIM/AKA encryption key k_encr
* @param k_auth SIM/AKA authentication key k_auth
*/
void (*key_hook)(sim_manager_t *this, chunk_t k_encr, chunk_t k_auth);
void (*key_hook)(simaka_manager_t *this, chunk_t k_encr, chunk_t k_auth);
/**
* Destroy a manager instance.
*/
void (*destroy)(sim_manager_t *this);
void (*destroy)(simaka_manager_t *this);
};
/**
* Create an SIM manager to handle multiple (U)SIM cards/providers.
* Create an SIM/AKA manager to handle multiple (U)SIM cards/providers.
*
* @return sim_t object
* @return simaka_t object
*/
sim_manager_t *sim_manager_create();
simaka_manager_t *simaka_manager_create();
#endif /** SIM_MANAGER_H_ @}*/
#endif /** SIMAKA_MANAGER_H_ @}*/

71
src/libsimaka/simaka_message.c
View File

@ -15,6 +15,11 @@
#include "simaka_message.h"
#include "simaka_manager.h"
#include <debug.h>
#include <utils/linked_list.h>
typedef struct private_simaka_message_t private_simaka_message_t;
typedef struct hdr_t hdr_t;
typedef struct attr_hdr_t attr_hdr_t;
@ -136,7 +141,7 @@ bool simaka_attribute_skippable(simaka_attribute_t attribute)
{
bool skippable = !(attribute >= 0 && attribute <= 127);
DBG1(DBG_IKE, "%sskippable EAP-SIM/AKA attribute %N",
DBG1(DBG_LIB, "%sskippable EAP-SIM/AKA attribute %N",
skippable ? "ignoring " : "found non-",
simaka_attribute_names, attribute);
return skippable;
@ -269,7 +274,7 @@ static void add_attribute(private_simaka_message_t *this,
*/
static bool not_encrypted(simaka_attribute_t type)
{
DBG1(DBG_IKE, "received unencrypted %N", simaka_attribute_names, type);
DBG1(DBG_LIB, "received unencrypted %N", simaka_attribute_names, type);
return FALSE;
}
@ -278,10 +283,32 @@ static bool not_encrypted(simaka_attribute_t type)
*/
static bool invalid_length(simaka_attribute_t type)
{
DBG1(DBG_IKE, "invalid length of %N", simaka_attribute_names, type);
DBG1(DBG_LIB, "invalid length of %N", simaka_attribute_names, type);
return FALSE;
}
/**
* Call SIM/AKA message hooks
*/
static void call_hook(private_simaka_message_t *this,
bool inbound, bool decrypted)
{
simaka_manager_t *mgr;
switch (this->hdr->type)
{
case EAP_SIM:
mgr = lib->get(lib, "sim-manager");
break;
case EAP_AKA:
mgr = lib->get(lib, "aka-manager");
break;
default:
return;
}
mgr->message_hook(mgr, &this->public, inbound, decrypted);
}
/**
* Parse attributes from a chunk of data
*/
@ -294,7 +321,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
if (in.len < sizeof(attr_hdr_t))
{
DBG1(DBG_IKE, "found short %N attribute header",
DBG1(DBG_LIB, "found short %N attribute header",
eap_type_names, this->hdr->type);
return FALSE;
}
@ -450,7 +477,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
}
else if (!this->encrypted)
{
DBG1(DBG_IKE, "found P-bit 0 notify in unencrypted message");
DBG1(DBG_LIB, "found P-bit 0 notify in unencrypted message");
return FALSE;
}
/* FALL */
@ -460,7 +487,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
}
}
charon->sim->message_hook(charon->sim, &this->public, TRUE, this->encrypted);
call_hook(this, TRUE, this->encrypted);
return TRUE;
}
@ -481,7 +508,7 @@ static bool decrypt(private_simaka_message_t *this)
}
if (this->encr.len % crypter->get_block_size(crypter))
{
DBG1(DBG_IKE, "%N ENCR_DATA not a multiple of block size",
DBG1(DBG_LIB, "%N ENCR_DATA not a multiple of block size",
eap_type_names, this->hdr->type);
return FALSE;
}
@ -543,7 +570,7 @@ static bool verify(private_simaka_message_t *this, chunk_t sigdata)
{
if (!this->mac.ptr || !signer)
{ /* require MAC, but not found */
DBG1(DBG_IKE, "%N message requires a MAC, but none found",
DBG1(DBG_LIB, "%N message requires a MAC, but none found",
simaka_subtype_names, this->hdr->subtype);
return FALSE;
}
@ -558,7 +585,7 @@ static bool verify(private_simaka_message_t *this, chunk_t sigdata)
}
if (!this->mac.ptr || !signer)
{
DBG1(DBG_IKE, "%N message has a phase 0 notify, but "
DBG1(DBG_LIB, "%N message has a phase 0 notify, but "
"no MAC found", simaka_subtype_names, this->hdr->subtype);
return FALSE;
}
@ -566,7 +593,7 @@ static bool verify(private_simaka_message_t *this, chunk_t sigdata)
}
default:
/* unknown message? */
DBG1(DBG_IKE, "signature rule for %N messages missing",
DBG1(DBG_LIB, "signature rule for %N messages missing",
simaka_subtype_names, this->hdr->subtype);
return FALSE;
}
@ -582,7 +609,7 @@ static bool verify(private_simaka_message_t *this, chunk_t sigdata)
}
if (!signer->verify_signature(signer, data, backup))
{
DBG1(DBG_IKE, "%N MAC verification failed",
DBG1(DBG_LIB, "%N MAC verification failed",
eap_type_names, this->hdr->type);
return FALSE;
}
@ -592,7 +619,7 @@ static bool verify(private_simaka_message_t *this, chunk_t sigdata)
/**
* Implementation of simaka_message_t.generate
*/
static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
static chunk_t generate(private_simaka_message_t *this, chunk_t sigdata)
{
/* buffers large enough for messages we generate */
char out_buf[1024], encr_buf[512];
@ -603,7 +630,7 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
u_int16_t len;
signer_t *signer;
charon->sim->message_hook(charon->sim, &this->public, FALSE, TRUE);
call_hook(this, FALSE, TRUE);
out = chunk_create(out_buf, sizeof(out_buf));
encr = chunk_create(encr_buf, sizeof(encr_buf));
@ -723,7 +750,7 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
}
default:
{
DBG1(DBG_IKE, "no rule to encode %N, skipped",
DBG1(DBG_LIB, "no rule to encode %N, skipped",
simaka_attribute_names, type);
break;
}
@ -817,9 +844,9 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
signer->get_signature(signer, data, mac.ptr);
}
charon->sim->message_hook(charon->sim, &this->public, FALSE, FALSE);
call_hook(this, FALSE, FALSE);
return eap_payload_create_data(out);
return chunk_clone(out);
}
/**
@ -843,18 +870,18 @@ static simaka_message_t *simaka_message_create_data(chunk_t data,
if (data.len < sizeof(hdr_t) || hdr->length != htons(data.len))
{
DBG1(DBG_IKE, "EAP-SIM/AKA header has invalid length");
DBG1(DBG_LIB, "EAP-SIM/AKA header has invalid length");
return NULL;
}
if (hdr->code != EAP_REQUEST && hdr->code != EAP_RESPONSE)
{
DBG1(DBG_IKE, "invalid EAP code in EAP-SIM/AKA message",
DBG1(DBG_LIB, "invalid EAP code in EAP-SIM/AKA message",
eap_type_names, hdr->type);
return NULL;
}
if (hdr->type != EAP_SIM && hdr->type != EAP_AKA)
{
DBG1(DBG_IKE, "invalid EAP type in EAP-SIM/AKA message",
DBG1(DBG_LIB, "invalid EAP type in EAP-SIM/AKA message",
eap_type_names, hdr->type);
return NULL;
}
@ -869,7 +896,7 @@ static simaka_message_t *simaka_message_create_data(chunk_t data,
this->public.add_attribute = (void(*)(simaka_message_t*, simaka_attribute_t type, chunk_t data))add_attribute;
this->public.parse = (bool(*)(simaka_message_t*))parse;
this->public.verify = (bool(*)(simaka_message_t*, chunk_t sigdata))verify;
this->public.generate = (eap_payload_t*(*)(simaka_message_t*, chunk_t sigdata))generate;
this->public.generate = (chunk_t(*)(simaka_message_t*, chunk_t sigdata))generate;
this->public.destroy = (void(*)(simaka_message_t*))destroy;
this->attributes = linked_list_create();
@ -888,10 +915,10 @@ static simaka_message_t *simaka_message_create_data(chunk_t data,
/**
* See header.
*/
simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload,
simaka_message_t *simaka_message_create_from_payload(chunk_t data,
simaka_crypto_t *crypto)
{
return simaka_message_create_data(payload->get_data(payload), crypto);
return simaka_message_create_data(data, crypto);
}
/**

11
src/libsimaka/simaka_message.h
View File

@ -27,7 +27,7 @@
#define SIMAKA_MESSAGE_H_
#include <enum.h>
#include <daemon.h>
#include <eap/eap.h>
#include "simaka_crypto.h"
@ -35,6 +35,7 @@ typedef enum simaka_attribute_t simaka_attribute_t;
typedef enum simaka_subtype_t simaka_subtype_t;
typedef enum simaka_notification_t simaka_notification_t;
typedef enum simaka_client_error_t simaka_client_error_t;
typedef struct simaka_message_t simaka_message_t;
/**
* Subtypes of EAP-SIM/AKA messages
@ -235,9 +236,9 @@ struct simaka_message_t {
* Generate a message, optionally encrypt attributes and create a MAC.
*
* @param sigdata additional data to include in signature, if any
* @return generated eap payload, NULL if failed
* @return allocated data of generated message
*/
eap_payload_t* (*generate)(simaka_message_t *this, chunk_t sigdata);
chunk_t (*generate)(simaka_message_t *this, chunk_t sigdata);
/**
* Destroy a simaka_message_t.
@ -262,11 +263,11 @@ simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
/**
* Create an simaka_message from a chunk of data.
*
* @param payload payload to create message from
* @param data message data to parse
* @param crypto EAP-SIM/AKA crypto helper
* @return EAP message, NULL on error
*/
simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload,
simaka_message_t *simaka_message_create_from_payload(chunk_t data,
simaka_crypto_t *crypto);
#endif /** SIMAKA_MESSAGE_H_ @}*/

34
src/libcharon/sa/authenticators/eap/sim_provider.h → src/libsimaka/simaka_provider.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2009 Martin Willi
* Copyright (C) 2008-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -14,14 +14,18 @@
*/
/**
* @defgroup sim_provider sim_provider
* @{ @ingroup eap
* @defgroup simaka_provider simaka_provider
* @{ @ingroup libsimaka
*/
#ifndef SIM_PROVIDER_H_
#define SIM_PROVIDER_H_
#ifndef SIMAKA_PROVIDER_H_
#define SIMAKA_PROVIDER_H_
typedef struct sim_provider_t sim_provider_t;
typedef struct simaka_provider_t simaka_provider_t;
#include "simaka_manager.h"
#include <utils/identification.h>
/**
* Interface for a triplet/quintuplet provider (used as EAP server).
@ -32,7 +36,7 @@ typedef struct sim_provider_t sim_provider_t;
* An implementation supporting only one of SIM/AKA authentication may
* implement the other methods with return_false().
*/
struct sim_provider_t {
struct simaka_provider_t {
/**
* Create a challenge for SIM authentication.
@ -43,7 +47,7 @@ struct sim_provider_t {
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if triplet received, FALSE otherwise
*/
bool (*get_triplet)(sim_provider_t *this, identification_t *id,
bool (*get_triplet)(simaka_provider_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
@ -64,7 +68,7 @@ struct sim_provider_t {
* @param autn authentication token autn
* @return TRUE if quintuplet generated successfully
*/
bool (*get_quintuplet)(sim_provider_t *this, identification_t *id,
bool (*get_quintuplet)(simaka_provider_t *this, identification_t *id,
char rand[AKA_RAND_LEN],
char xres[AKA_RES_MAX], int *xres_len,
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
@ -78,7 +82,7 @@ struct sim_provider_t {
* @param auts synchronization parameter auts
* @return TRUE if resynchronized successfully
*/
bool (*resync)(sim_provider_t *this, identification_t *id,
bool (*resync)(simaka_provider_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
/**
@ -87,7 +91,7 @@ struct sim_provider_t {
* @param id pseudonym identity candidate
* @return permanent identity, NULL if id not a pseudonym
*/
identification_t* (*is_pseudonym)(sim_provider_t *this,
identification_t* (*is_pseudonym)(simaka_provider_t *this,
identification_t *id);
/**
@ -96,7 +100,7 @@ struct sim_provider_t {
* @param id permanent identity to generate a pseudonym for
* @return generated pseudonym, NULL to not use a pseudonym identity
*/
identification_t* (*gen_pseudonym)(sim_provider_t *this,
identification_t* (*gen_pseudonym)(simaka_provider_t *this,
identification_t *id);
/**
@ -107,7 +111,7 @@ struct sim_provider_t {
* @param counter pointer receiving current counter value, host order
* @return permanent identity, NULL if id not a reauth identity
*/
identification_t* (*is_reauth)(sim_provider_t *this, identification_t *id,
identification_t* (*is_reauth)(simaka_provider_t *this, identification_t *id,
char mk[HASH_SIZE_SHA1], u_int16_t *counter);
/**
@ -117,8 +121,8 @@ struct sim_provider_t {
* @param mk master key to store along with generated identity
* @return fast reauthentication identity, NULL to not use reauth
*/
identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id,
identification_t* (*gen_reauth)(simaka_provider_t *this, identification_t *id,
char mk[HASH_SIZE_SHA1]);
};
#endif /** SIM_CARD_H_ @}*/
#endif /** SIMAKA_CARD_H_ @}*/