/*
 * Copyright (C) 2008-2009 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
/*
 * Copyright (C) 2015 Thomas Strangert
 * Polystar System AB, Sweden
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/**
 * @defgroup eap_aka_3gpp eap_aka_3gpp
 * @ingroup cplugins
 *
 * @defgroup eap_aka_3gpp_plugin eap_aka_3gpp_plugin
 * @{ @ingroup eap_aka_3gpp
 */

#ifndef EAP_AKA_3GPP_PLUGIN_H_
#define EAP_AKA_3GPP_PLUGIN_H_

#include <plugins/plugin.h>

typedef struct eap_aka_3gpp_plugin_t eap_aka_3gpp_plugin_t;

/**
 * Plugin to provide a USIM card/provider according to the 3GPP standard.
 *
 * This plugin implements the 3GPP standards TS 35.205, .206, .207, .208
 * completely in software using the MILENAGE algorithm.
 * The shared keys used for authentication (K, OPc) are taken from
 * ipsec.secrets; the peer's ID is used to look them up.
 *
 * NOTE(review): K and OPc are long-term subscriber secrets, so the file that
 * holds them should be readable only by the account the daemon runs as.
 *
 * Sequence number (SQN) check:
 * Define SEQ_CHECK to enable the check by default. Left undefined/off, the
 * USIM 'card' accepts any SQN and does not compare the received SQN with its
 * own locally stored value. This potentially allows an attacker to do replay
 * attacks. But since the server has proven its identity via IKE, such an
 * attack is only possible between server and AAA (if any).
 *
 * SEQ_CHECK only controls the compile-time default behaviour; the run-time
 * behaviour can always be controlled by setting the
 * charon.plugins.eap-aka-3gpp.seq_check config variable.
 *
 * NOTE(review): going by the paragraph above, a deployment that relays
 * authentication to a separate AAA server is the case where the replay
 * exposure remains, so seq_check should be enabled there rather than left
 * at a disabled default.
 */
struct eap_aka_3gpp_plugin_t {

	/**
	 * Implements the plugin interface; the only member this header declares.
	 */
	plugin_t plugin;
};

/**
 * The AKA mechanism uses sequence numbers to detect replay attacks. The
 * peer normally stores the sequence number in a USIM and accepts
 * incremental sequence numbers (incremental for the lifetime of the USIM).
 * To avoid complex sequence number management, this implementation uses
 * a sequence number derived from time. It is initialized to the startup
 * time of the daemon. On the provider side, an offset can optionally be
 * added to allow for a time skew towards the card side.
 *
 * NOTE(review): the unit of the offset is not stated in this header --
 * presumably seconds, to be confirmed against the provider implementation.
 * A time-derived SQN also ties replay detection to the system clock, so
 * check how a clock that steps backwards across a daemon restart is handled.
 */
#define SQN_TIME_OFFSET 180

#endif /** EAP_AKA_3GPP_PLUGIN_H_ @}*/