Annotation of embedaddon/strongswan/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2008-2009 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup eap_aka_3gpp2 eap_aka_3gpp2
! 18: * @ingroup cplugins
! 19: *
! 20: * @defgroup eap_aka_3gpp2_plugin eap_aka_3gpp2_plugin
! 21: * @{ @ingroup eap_aka_3gpp2
! 22: */
! 23:
! 24: #ifndef EAP_AKA_3GPP2_PLUGIN_H_
! 25: #define EAP_AKA_3GPP2_PLUGIN_H_
! 26:
! 27: #include <plugins/plugin.h>
! 28:
! 29: typedef struct eap_aka_3gpp2_plugin_t eap_aka_3gpp2_plugin_t;
! 30:
! 31: /**
! 32: * Plugin to provide a SIM card/provider using the 3GPP2 (S.S0055) standard.
! 33: *
! 34: * This plugin implements the 3GPP2 (S.S0055) standard, not the one of
! 35: * 3GPP, completely in software using the libgmp library.
! 36: * The shared key used for authentication is read from ipsec.secrets; the
! 37: * peer's ID is used to look it up.
! 38: * The AKA mechanism uses sequence numbers (SEQ) to detect replay attacks.
! 39: * The peer normally stores the sequence number in a USIM and accepts only
! 40: * increasing sequence numbers (increasing over the lifetime of the USIM). To
! 41: * avoid complex sequence number management, this implementation uses
! 42: * a sequence number derived from time. It is initialized to the startup
! 43: * time of the daemon.
! 44: * To enable time-based SEQs, define SEQ_CHECK as 1. The default is to accept
! 45: * any SEQ number, which disables replay detection and so allows replay
! 46: * attacks. But since the server has proven its identity via IKE, such an
! 47: * attack is only possible between the server and the AAA (if any).
! 48: */
! 49: struct eap_aka_3gpp2_plugin_t {
! 50:
! 51: /**
! 52: * Implements the generic plugin_t interface; the only member of this struct.
! 53: */
! 54: plugin_t plugin;
! 55: };
! 56:
! 57: #endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/