[BACK]Return to eap_aka_3gpp_functions.h CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / eap_aka_3gpp
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / eap_aka_3gpp / eap_aka_3gpp_functions.h
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:44 2020 UTC (4 years, 2 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

/*
 * Copyright (C) 2008-2009 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
/*
 * Copyright (C) 2015 Thomas Strangert
 * Polystar System AB, Sweden
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/**
 * @defgroup eap_aka_3gpp_functions eap_aka_3gpp_functions
 * @{ @ingroup eap_aka_3gpp
 */

#ifndef EAP_AKA_3GPP_FUNCTIONS_H_
#define EAP_AKA_3GPP_FUNCTIONS_H_

#include <credentials/keys/shared_key.h>
#include <simaka_manager.h>
#include "eap_aka_3gpp_plugin.h"

#define AKA_SQN_LEN		 6
#define AKA_K_LEN		16
#define AKA_OPC_LEN		16
#define AKA_MAC_LEN		 8
#define AKA_AK_LEN		 6
#define AKA_AMF_LEN		 2
#define AKA_RES_LEN		 8

typedef struct eap_aka_3gpp_functions_t eap_aka_3gpp_functions_t;

/**
 * Get a shared key K and OPc of a particular user from the credential database.
 *
 * @param id			user identity
 * @param[out] k		(16 byte) scratchpad to receive secret key K
 * @param[out] opc		(16 byte) scratchpad to receive operator variant key
 *						derivative OPc
 */
bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN],
							uint8_t opc[AKA_OPC_LEN]);

/**
 * Get SQN using current time. Only used when creating/initializing
 * an eap_aka_3gpp_card_t or eap_aka_3gpp_provider_t object.
 *
 * @param offset		time offset to add to current time to avoid initial
 *						SQN resync
 * @param[out] sqn		(6 byte) scratchpad to receive generated SQN
 */
void eap_aka_3gpp_get_sqn(uint8_t sqn[AKA_SQN_LEN], int offset);

/**
 * f1, f1*(), f2345() and f5*() functions from 3GPP as specified
 * in the TS 35.205, .206, .207, .208 standards.
 */
struct eap_aka_3gpp_functions_t {

	/**
	 * f1 : Calculate MAC-A from RAND, SQN, AMF using K and OPc
	 *
	 * @param k			(128 bit) secret key K
	 * @param opc		(128 bit) operator variant key derivative OPc
	 * @param rand		(128 bit) random value RAND
	 * @param sqn		 (48 bit) sequence number SQN
	 * @param amf		 (16 bit) authentication management field AMF
	 * @param[out] maca	 (64 bit) scratchpad to receive network auth code MAC-A
	 * @return				TRUE if calculations successful
	 */
	bool (*f1)(eap_aka_3gpp_functions_t *this,
			const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN],
			const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN],
			const uint8_t amf[AKA_AMF_LEN],
			uint8_t maca[AKA_MAC_LEN]);


	/**
	 * f1* : Calculate MAC-S from RAND, SQN, AMF using K and OPc
	 *
	 * @param k			(128 bit) secret key K
	 * @param opc		(128 bit) operator variant key derivative OPc
	 * @param rand		(128 bit) random value RAND
	 * @param sqn		 (48 bit) sequence number SQN
	 * @param amf		 (16 bit) authentication management field AMF
	 * @param[out] macs	 (64 bit) scratchpad to receive resync auth code MAC-S
	 * @return				TRUE if calculations successful
	 */
	bool (*f1star)(eap_aka_3gpp_functions_t *this,
			const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN],
			const uint8_t rand[AKA_RAND_LEN], const uint8_t sqn[AKA_SQN_LEN],
			const uint8_t amf[AKA_AMF_LEN],
			uint8_t macs[AKA_MAC_LEN]);

	/**
	 * f2345 : Do f2, f3, f4 and f5 in a single scoop, where:
	 * f2 : Calculates RES from RAND using K and OPc
	 * f3 : Calculates CK  from RAND using K and OPc
	 * f4 : Calculates IK  from RAND using K and OPc
	 * f5 : Calculates AK  from RAND using K and OPc
	 *
	 * @param k			(128 bit) secret key K
	 * @param opc		(128 bit) operator variant key derivative OPc
	 * @param rand		(128 bit) random value RAND
	 * @param[out] res	 (64 bit) scratchpad to receive signed response RES
	 * @param[out] ck	(128 bit) scratchpad to receive encryption key CK
	 * @param[out] ik	(128 bit) scratchpad to receive integrity key IK
	 * @param[out] ak	 (48 bit) scratchpad to receive anonymity key AK
	 * @return				TRUE if calculations successful
	 */
	bool (*f2345)(eap_aka_3gpp_functions_t *this,
				  const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN],
				  const uint8_t rand[AKA_RAND_LEN],
				  uint8_t res[AKA_RES_LEN], uint8_t ck[AKA_CK_LEN],
				  uint8_t ik[AKA_IK_LEN], uint8_t ak[AKA_AK_LEN]);


	/**
	 * f5* : Calculates resync AKS from RAND using K and OPc
	 *
	 * @param k			(128 bit) secret key K
	 * @param opc		(128 bit) operator variant key derivative OPc
	 * @param rand		(128 bit) random value RAND
	 * @param[out] aks	 (48 bit) scratchpad to receive resync anonymity key AKS
	 * @return				TRUE if calculations successful
	 */
	bool (*f5star)(eap_aka_3gpp_functions_t *this,
				   const uint8_t k[AKA_K_LEN], const uint8_t opc[AKA_OPC_LEN],
				   const uint8_t rand[AKA_RAND_LEN],
				   uint8_t aks[AKA_AK_LEN]);

	/**
	 * Destroy a eap_aka_3gpp_functions_t.
	 */
	void (*destroy)(eap_aka_3gpp_functions_t *this);
};

/**
 * Create a eap_aka_3gpp_functions instance.
 *
 * @return	function set, NULL on error
 */
eap_aka_3gpp_functions_t *eap_aka_3gpp_functions_create();

#endif /** EAP_AKA_3GPP_FUNCTIONS_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>