Annotation of embedaddon/strongswan/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2006-2009 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup eap_authenticator eap_authenticator
18: * @{ @ingroup authenticators_v2
19: */
20:
21: #ifndef EAP_AUTHENTICATOR_H_
22: #define EAP_AUTHENTICATOR_H_
23:
24: typedef struct eap_authenticator_t eap_authenticator_t;
25:
26: #include <sa/authenticator.h>
27:
/**
 * Implementation of authenticator_t using EAP authentication.
 *
 * Authentication using EAP involves the most complex authenticator. It stays
 * alive over multiple ike_auth transactions and handles multiple EAP
 * messages.
 *
 * As the exchange below shows, the server's first ike_auth reply carries its
 * own AUTH payload next to the first EAP message, and both peers exchange
 * AUTH payloads again after EAP(SUCCESS). If the EAP method establishes a
 * session key, those final AUTH payloads are computed with that key rather
 * than SK_pi/SK_pr, so the EAP result is tied to this IKE exchange
 * (RFC 7296, section 2.16).
 *
 * NOTE(review): how EAP methods that establish no session key are treated is
 * decided in the implementation, not in this header. RFC 7296, section 2.16
 * advises against such methods outside a server-authenticated tunnel because
 * of man-in-the-middle exposure -- confirm what the implementation and the
 * deployed configuration allow.
 *
 * @verbatim
                          ike_sa_init
                   ------------------------->
                   <-------------------------
                 followed by multiple ike_auth:

     +--------+                                +--------+
     |  EAP   |       IDi, [IDr,] SA, TS       |  EAP   |
     | client |  --------------------------->  | server |
     |        |          ID, AUTH, EAP         |        |
     |        |  <---------------------------  |        |
     |        |              EAP               |        |
     |        |  --------------------------->  |        |
     |        |              EAP               |        |
     |        |  <---------------------------  |        |
     |        |              EAP               |        |
     |        |  --------------------------->  |        |
     |        |          EAP(SUCCESS)          |        |
     |        |  <---------------------------  |        |
     |        |              AUTH              |        |  If EAP establishes
     |        |  --------------------------->  |        |  a session key, AUTH
     |        |          AUTH, SA, TS          |        |  payloads use this
     |        |  <---------------------------  |        |  key, not SK_pi/pr
     +--------+                                +--------+

 @endverbatim
 */
struct eap_authenticator_t {

	/**
	 * Implemented authenticator_t interface.
	 *
	 * This is the only member declared in this header; any further state is
	 * not visible to users of the type.
	 */
	authenticator_t authenticator;
};
69:
/**
 * Create an authenticator to authenticate against an EAP server.
 *
 * This is the builder side, i.e. the "EAP client" role in the exchange
 * diagram on eap_authenticator_t.
 *
 * NOTE(review): the nonces and IKE_SA_INIT message data are handed over as
 * chunk_t values. Whether the referenced bytes are copied or must stay valid
 * for the lifetime of the authenticator is not visible in this header --
 * confirm in the implementation before freeing them.
 *
 * @param ike_sa			associated ike_sa
 * @param received_nonce	nonce received in IKE_SA_INIT
 * @param sent_nonce		nonce sent in IKE_SA_INIT
 * @param received_init		received IKE_SA_INIT message data
 * @param sent_init			sent IKE_SA_INIT message data
 * @param reserved			reserved bytes of ID payload; the [3] in the
 *							declaration is not enforced by the compiler (the
 *							parameter is a plain char pointer), so the caller
 *							must supply at least three readable bytes
 * @return					EAP authenticator (NOTE(review): failure
 *							behaviour, e.g. a NULL return, is not documented
 *							here -- confirm before dereferencing)
 */
eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3]);
85:
/**
 * Create an authenticator to authenticate EAP clients.
 *
 * This is the verifier side, i.e. the "EAP server" role in the exchange
 * diagram on eap_authenticator_t.
 *
 * NOTE(review): the nonces and IKE_SA_INIT message data are handed over as
 * chunk_t values. Whether the referenced bytes are copied or must stay valid
 * for the lifetime of the authenticator is not visible in this header --
 * confirm in the implementation before freeing them.
 *
 * @param ike_sa			associated ike_sa
 * @param received_nonce	nonce received in IKE_SA_INIT
 * @param sent_nonce		nonce sent in IKE_SA_INIT
 * @param received_init		received IKE_SA_INIT message data
 * @param sent_init			sent IKE_SA_INIT message data
 * @param reserved			reserved bytes of ID payload; the [3] in the
 *							declaration is not enforced by the compiler (the
 *							parameter is a plain char pointer), so the caller
 *							must supply at least three readable bytes
 * @return					EAP authenticator (NOTE(review): failure
 *							behaviour, e.g. a NULL return, is not documented
 *							here -- confirm before dereferencing)
 */
eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3]);
101:
102: #endif /** EAP_AUTHENTICATOR_H_ @}*/