ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c

210 lines
5.8 KiB
C
Raw Blame History

/*
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "eap_simaka_reauth_provider.h"
#include <daemon.h>
#include <utils/hashtable.h>
typedef struct private_eap_simaka_reauth_provider_t private_eap_simaka_reauth_provider_t;
/**
* Private data of an eap_simaka_reauth_provider_t object.
*/
struct private_eap_simaka_reauth_provider_t {
/**
* Public eap_simaka_reauth_provider_t interface.
*/
eap_simaka_reauth_provider_t public;
/**
* Permanent -> reauth_data_t mappings
*/
hashtable_t *reauth;
/**
* Reverse reauth -> permanent mappings
*/
hashtable_t *permanent;
/**
* RNG for pseudonyms/reauth identities
*/
rng_t *rng;
};
/**
* Data associated to a reauthentication identity
*/
typedef struct {
/** currently used reauthentication identity */
identification_t *id;
/** counter value */
u_int16_t counter;
/** master key */
char mk[HASH_SIZE_SHA1];
} reauth_data_t;
/**
* hashtable hash function
*/
static u_int hash(identification_t *key)
{
return chunk_hash(key->get_encoding(key));
}
/**
* hashtable equals function
*/
static bool equals(identification_t *key1, identification_t *key2)
{
return key1->equals(key1, key2);
}
/**
* Generate a random identity
*/
static identification_t *gen_identity(private_eap_simaka_reauth_provider_t *this)
{
char buf[8], hex[sizeof(buf) * 2 + 1];
this->rng->get_bytes(this->rng, sizeof(buf), buf);
chunk_to_hex(chunk_create(buf, sizeof(buf)), hex, FALSE);
return identification_create_from_string(hex);
}
/**
* Implementation of simaka_provider_t.is_reauth
*/
static identification_t *is_reauth(private_eap_simaka_reauth_provider_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1],
u_int16_t *counter)
{
identification_t *permanent;
reauth_data_t *data;
/* look up permanent identity */
permanent = this->permanent->get(this->permanent, id);
if (!permanent)
{
return NULL;
}
/* look up reauthentication data */
data = this->reauth->get(this->reauth, permanent);
if (!data)
{
return NULL;
}
*counter = ++data->counter;
memcpy(mk, data->mk, HASH_SIZE_SHA1);
return permanent->clone(permanent);
}
/**
* Implementation of simaka_provider_t.gen_reauth
*/
static identification_t *gen_reauth(private_eap_simaka_reauth_provider_t *this,
identification_t *id, char mk[HASH_SIZE_SHA1])
{
reauth_data_t *data;
identification_t *permanent;
data = this->reauth->get(this->reauth, id);
if (data)
{ /* update existing entry */
permanent = this->permanent->remove(this->permanent, data->id);
if (permanent)
{
data->id->destroy(data->id);
data->id = gen_identity(this);
this->permanent->put(this->permanent, data->id, permanent);
}
}
else
{ /* generate new entry */
data = malloc_thing(reauth_data_t);
data->counter = 0;
data->id = gen_identity(this);
id = id->clone(id);
this->reauth->put(this->reauth, id, data);
this->permanent->put(this->permanent, data->id, id);
}
memcpy(data->mk, mk, HASH_SIZE_SHA1);
return data->id->clone(data->id);
}
/**
* Implementation of eap_simaka_reauth_provider_t.destroy.
*/
static void destroy(private_eap_simaka_reauth_provider_t *this)
{
enumerator_t *enumerator;
identification_t *id;
reauth_data_t *data;
void *key;
enumerator = this->permanent->create_enumerator(this->permanent);
while (enumerator->enumerate(enumerator, &key, &id))
{
id->destroy(id);
}
enumerator->destroy(enumerator);
enumerator = this->reauth->create_enumerator(this->reauth);
while (enumerator->enumerate(enumerator, &key, &data))
{
data->id->destroy(data->id);
free(data);
}
enumerator->destroy(enumerator);
this->permanent->destroy(this->permanent);
this->reauth->destroy(this->reauth);
this->rng->destroy(this->rng);
free(this);
}
/**
* See header
*/
eap_simaka_reauth_provider_t *eap_simaka_reauth_provider_create()
{
private_eap_simaka_reauth_provider_t *this = malloc_thing(private_eap_simaka_reauth_provider_t);
this->public.provider.get_triplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
this->public.provider.get_quintuplet = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
this->public.provider.resync = (bool(*)(simaka_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.provider.is_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))return_null;
this->public.provider.gen_pseudonym = (identification_t*(*)(simaka_provider_t*, identification_t *id))return_null;
this->public.provider.is_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))is_reauth;
this->public.provider.gen_reauth = (identification_t*(*)(simaka_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))gen_reauth;
this->public.destroy = (void(*)(eap_simaka_reauth_provider_t*))destroy;
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!this->rng)
{
free(this);
return NULL;
}
this->permanent = hashtable_create((void*)hash, (void*)equals, 0);
this->reauth = hashtable_create((void*)hash, (void*)equals, 0);
return &this->public;
}
View Git Blame Copy Permalink