/*
 * Copyright (C) 2008-2009 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup eap_aka_3gpp2 eap_aka_3gpp2
 * @ingroup cplugins
 *
 * @defgroup eap_aka_3gpp2_plugin eap_aka_3gpp2_plugin
 * @{ @ingroup eap_aka_3gpp2
 */

#ifndef EAP_AKA_3GPP2_PLUGIN_H_
#define EAP_AKA_3GPP2_PLUGIN_H_

#include <plugins/plugin.h>

typedef struct eap_aka_3gpp2_plugin_t eap_aka_3gpp2_plugin_t;

/**
 * Plugin to provide a SIM card/provider using the 3GPP2 (S.S0055) standard.
 *
 * This plugin implements the 3GPP2 (S.S0055) standard, not the 3GPP one,
 * completely in software using the libgmp library.
 *
 * Key material: the shared key used for authentication is taken from
 * ipsec.secrets and is looked up by the peer's ID.
 *
 * Replay protection: the AKA mechanism uses sequence numbers (SEQ) to detect
 * replay attacks. A peer normally stores the sequence number in a USIM and
 * accepts only increasing sequence numbers (increasing over the lifetime of
 * the USIM). To avoid complex sequence number management, this
 * implementation uses a sequence number derived from time, initialized to
 * the startup time of the daemon.
 *
 * To enable the time based SEQ check, define SEQ_CHECK as 1. The default is
 * to accept any SEQ number, which allows an attacker to replay
 * authentication exchanges. Because the server has already proven its
 * identity via IKE, such an attack is only possible between the server and
 * the AAA (if any).
 *
 * NOTE(review): SEQ_CHECK is not defined in this header; confirm where it is
 * set and which value a given build uses. The argument above limits the
 * replay exposure to the server-to-AAA path, so a deployment with an
 * external AAA should either protect that path or build with SEQ_CHECK
 * set to 1.
 */
struct eap_aka_3gpp2_plugin_t {

	/**
	 * Implements the plugin interface (plugin_t, from plugins/plugin.h).
	 */
	plugin_t plugin;
};

#endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/