1.1 ! misho 1: /*
! 2: * Copyright (C) 2009 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup libsimaka libsimaka
! 18: *
! 19: * @addtogroup libsimaka
! 20: * Library providing functions shared between EAP-SIM and EAP-AKA plugins.
! 21: *
! 22: * @defgroup simaka_message simaka_message
! 23: * @{ @ingroup libsimaka
! 24: */
! 25:
! 26: #ifndef SIMAKA_MESSAGE_H_
! 27: #define SIMAKA_MESSAGE_H_
! 28:
! 29: #include <utils/utils.h>
! 30: #include <eap/eap.h>
! 31:
! 32: #include "simaka_crypto.h"
! 33:
/* Forward typedefs so that the prototypes and the struct below can use the
 * short names; the enums and simaka_message_t itself are defined further
 * down in this header. */
typedef enum simaka_attribute_t simaka_attribute_t;
typedef enum simaka_subtype_t simaka_subtype_t;
typedef enum simaka_notification_t simaka_notification_t;
typedef enum simaka_client_error_t simaka_client_error_t;
typedef struct simaka_message_t simaka_message_t;
! 39:
/**
 * Subtypes of EAP-SIM/AKA messages.
 *
 * EAP-SIM and EAP-AKA share one subtype number space. The SIM_*/AKA_* pairs
 * below (NOTIFICATION, REAUTHENTICATION, CLIENT_ERROR) carry the same numeric
 * value, so only one name of each pair may appear as a case label in a single
 * switch, and enum_name lookups cannot distinguish the two.
 */
enum simaka_subtype_t {
	/** AKA full authentication challenge */
	AKA_CHALLENGE = 1,
	/** AKA peer rejects the authentication */
	AKA_AUTHENTICATION_REJECT = 2,
	/** AKA sequence number synchronization failure (value 3 is unused here) */
	AKA_SYNCHRONIZATION_FAILURE = 4,
	/** AKA identity exchange */
	AKA_IDENTITY = 5,
	/** SIM start (version/identity negotiation) */
	SIM_START = 10,
	/** SIM full authentication challenge */
	SIM_CHALLENGE = 11,
	/** Notification, SIM variant (same value as AKA_NOTIFICATION) */
	SIM_NOTIFICATION = 12,
	/** Notification, AKA variant (same value as SIM_NOTIFICATION) */
	AKA_NOTIFICATION = 12,
	/** Fast re-authentication, SIM variant (same value as AKA_REAUTHENTICATION) */
	SIM_REAUTHENTICATION = 13,
	/** Fast re-authentication, AKA variant (same value as SIM_REAUTHENTICATION) */
	AKA_REAUTHENTICATION = 13,
	/** Client error, SIM variant (same value as AKA_CLIENT_ERROR) */
	SIM_CLIENT_ERROR = 14,
	/** Client error, AKA variant (same value as SIM_CLIENT_ERROR) */
	AKA_CLIENT_ERROR = 14,
};
! 57:
/**
 * Enum names for simaka_subtype_t (for logging/debug output).
 *
 * Where SIM_* and AKA_* share a value only one name can be reported.
 */
extern enum_name_t *simaka_subtype_names;
! 62:
/**
 * Attributes in EAP-SIM/AKA messages.
 *
 * The numeric values are the on-the-wire attribute type codes. Note the gap
 * between AT_CLIENT_ERROR_CODE (22) and AT_IV (129): the high-numbered
 * attributes are the ones this library treats as skippable — see
 * simaka_attribute_skippable() for the authoritative rule rather than
 * relying on the value alone.
 */
enum simaka_attribute_t {
	/** Random challenge(s) */
	AT_RAND = 1,
	/** AKA authentication token */
	AT_AUTN = 2,
	/** AKA authentication result */
	AT_RES = 3,
	/** AKA resynchronization token */
	AT_AUTS = 4,
	/** Padding (value 5 is unused here) */
	AT_PADDING = 6,
	/** Peer nonce for SIM key derivation */
	AT_NONCE_MT = 7,
	/** Request for the permanent identity */
	AT_PERMANENT_ID_REQ = 10,
	/** Message authentication code; checked by simaka_message_t.verify() */
	AT_MAC = 11,
	/** Notification code, see simaka_notification_t */
	AT_NOTIFICATION = 12,
	/** Request for any identity */
	AT_ANY_ID_REQ = 13,
	/** Peer identity */
	AT_IDENTITY = 14,
	/** SIM version list offered by the server */
	AT_VERSION_LIST = 15,
	/** SIM version selected by the peer */
	AT_SELECTED_VERSION = 16,
	/** Request for a full-authentication identity */
	AT_FULLAUTH_ID_REQ = 17,
	/** Re-authentication counter (value 18 is unused here) */
	AT_COUNTER = 19,
	/** Peer reports the re-authentication counter as too small */
	AT_COUNTER_TOO_SMALL = 20,
	/** Server nonce for re-authentication */
	AT_NONCE_S = 21,
	/** Error code, see simaka_client_error_t */
	AT_CLIENT_ERROR_CODE = 22,
	/** Initialization vector for AT_ENCR_DATA */
	AT_IV = 129,
	/** Encrypted attribute container; decrypted during parse() */
	AT_ENCR_DATA = 130,
	/** Next pseudonym identity (value 131 is unused here) */
	AT_NEXT_PSEUDONYM = 132,
	/** Next fast re-authentication identity */
	AT_NEXT_REAUTH_ID = 133,
	/** Checkcode over earlier messages of the exchange */
	AT_CHECKCODE = 134,
	/** Result indication */
	AT_RESULT_IND = 135,
};
! 92:
/**
 * Enum names for simaka_attribute_t (for logging/debug output).
 */
extern enum_name_t *simaka_attribute_names;
! 97:
/**
 * Notification codes used within AT_NOTIFICATION attribute.
 *
 * Each code exists in a SIM_ and an AKA_ spelling with the same value, so a
 * single switch may use only one name of each pair. From the per-value
 * comments: 32768 (0x8000) marks success, 16384 (0x4000) marks a failure
 * reported before authentication; codes without either bit are failures
 * after authentication. A notification should only be acted upon once the
 * carrying message has passed simaka_message_t.verify(), otherwise its
 * content is unauthenticated.
 */
enum simaka_notification_t {
	/** SIM General failure after authentication. (Implies failure) */
	SIM_GENERAL_FAILURE_AA = 0,
	/** AKA General failure after authentication. (Implies failure) */
	AKA_GENERAL_FAILURE_AA = 0,
	/** SIM General failure. (Implies failure, used before authentication) */
	SIM_GENERAL_FAILURE = 16384,
	/** AKA General failure. (Implies failure, used before authentication) */
	AKA_GENERAL_FAILURE = 16384,
	/** SIM User has been temporarily denied access to the requested service. */
	SIM_TEMP_DENIED = 1026,
	/** AKA User has been temporarily denied access to the requested service. */
	AKA_TEMP_DENIED = 1026,
	/** SIM User has not subscribed to the requested service. */
	SIM_NOT_SUBSCRIBED = 1031,
	/** AKA User has not subscribed to the requested service. */
	AKA_NOT_SUBSCRIBED = 1031,
	/** SIM Success. User has been successfully authenticated. */
	SIM_SUCCESS = 32768,
	/** AKA Success. User has been successfully authenticated. */
	AKA_SUCCESS = 32768,
};
! 123:
/**
 * Enum names for simaka_notification_t (for logging/debug output).
 */
extern enum_name_t *simaka_notification_names;
! 128:
/**
 * Error codes sent in AT_CLIENT_ERROR_CODE attribute.
 *
 * AKA_UNABLE_TO_PROCESS and SIM_UNABLE_TO_PROCESS share value 0; the
 * remaining codes are SIM-specific.
 */
enum simaka_client_error_t {
	/** AKA unable to process packet */
	AKA_UNABLE_TO_PROCESS = 0,
	/** SIM unable to process packet */
	SIM_UNABLE_TO_PROCESS = 0,
	/** SIM unsupported version */
	SIM_UNSUPPORTED_VERSION = 1,
	/** SIM insufficient number of challenges */
	SIM_INSUFFICIENT_CHALLENGES = 2,
	/** SIM RANDs are not fresh */
	SIM_RANDS_NOT_FRESH = 3,
};
! 144:
/**
 * Enum names for simaka_client_error_t (for logging/debug output).
 */
extern enum_name_t *simaka_client_error_names;

/**
 * Check if an EAP-SIM/AKA attribute is "skippable".
 *
 * A skippable attribute may be ignored by a receiver that does not
 * understand it; a non-skippable unknown attribute must cause the message
 * to be rejected. Use this helper rather than comparing the attribute value
 * against a threshold.
 *
 * @param attribute	attribute to check
 * @return			TRUE if attribute is skippable, FALSE if it is non-skippable
 */
bool simaka_attribute_skippable(simaka_attribute_t attribute);
! 157:
/**
 * EAP-SIM and EAP-AKA message abstraction.
 *
 * Messages for EAP-SIM and EAP-AKA share a common format, this class
 * abstracts such a message and provides encoding/encryption/signing
 * functionality. The crypto helper is supplied at construction time
 * (see simaka_message_create() and simaka_message_create_from_payload()),
 * not per call.
 *
 * Trust model for received messages: parse() only decodes (and optionally
 * decrypts) attributes, it does NOT check the AT_MAC. Attribute contents
 * obtained from create_attribute_enumerator() are unauthenticated until
 * verify() has returned TRUE for the same message.
 */
struct simaka_message_t {

	/**
	 * Check if the given message is a request or response.
	 *
	 * @return			TRUE if request, FALSE if response
	 */
	bool (*is_request)(simaka_message_t *this);

	/**
	 * Get the EAP message identifier.
	 *
	 * @return			EAP message identifier
	 */
	uint8_t (*get_identifier)(simaka_message_t *this);

	/**
	 * Get the EAP type of the message.
	 *
	 * @return			EAP type: EAP-SIM or EAP-AKA
	 */
	eap_type_t (*get_type)(simaka_message_t *this);

	/**
	 * Get the subtype of an EAP-SIM/AKA message.
	 *
	 * @return			subtype of message
	 */
	simaka_subtype_t (*get_subtype)(simaka_message_t *this);

	/**
	 * Create an enumerator over message attributes.
	 *
	 * On a received message the enumerated data is only trustworthy after
	 * verify() succeeded.
	 *
	 * @return			enumerator over (simaka_attribute_t, chunk_t)
	 */
	enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this);

	/**
	 * Append an attribute to the EAP-SIM/AKA message.
	 *
	 * Make sure to pass only data of correct length for the given attribute;
	 * the length is not validated here.
	 *
	 * @param type		type of attribute to add to message
	 * @param data		unpadded attribute data to add
	 */
	void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type,
						  chunk_t data);

	/**
	 * Parse a message, with optional attribute decryption.
	 *
	 * This method does not verify message integrity, as the key is available
	 * only after the payload has been parsed. It might be necessary to call
	 * parse twice, as key derivation data in EAP-SIM/AKA is in the same
	 * packet as encrypted data. Decryption uses the crypto helper passed at
	 * construction; there is no per-call crypto argument.
	 *
	 * @return			TRUE if message parsed successfully
	 */
	bool (*parse)(simaka_message_t *this);

	/**
	 * Verify the message integrity of a parsed message.
	 *
	 * Must be called (and must return TRUE) before any attribute of a
	 * received message is acted upon. Uses the crypto helper passed at
	 * construction.
	 *
	 * @param sigdata	additional data to include in signature, if any
	 * @return			TRUE if message integrity check successful
	 */
	bool (*verify)(simaka_message_t *this, chunk_t sigdata);

	/**
	 * Generate a message, optionally encrypt attributes and create a MAC.
	 *
	 * @param sigdata	additional data to include in signature, if any
	 * @param gen		receives allocated generated data, if successful
	 *					(NOTE(review): presumably owned by the caller — confirm
	 *					against the implementation)
	 * @return			TRUE if successful
	 */
	bool (*generate)(simaka_message_t *this, chunk_t sigdata, chunk_t *gen);

	/**
	 * Destroy a simaka_message_t.
	 */
	void (*destroy)(simaka_message_t *this);
};
! 249:
/**
 * Create an empty simaka_message.
 *
 * The crypto helper is retained by the message for generate(); the message
 * takes no per-call crypto argument.
 *
 * @param request		TRUE for a request message, FALSE for a response
 * @param identifier	EAP message identifier
 * @param type			EAP type: EAP-SIM or EAP-AKA
 * @param subtype		subtype of the EAP message
 * @param crypto		EAP-SIM/AKA crypto helper
 * @return				empty message of requested kind, NULL on error
 */
simaka_message_t *simaka_message_create(bool request, uint8_t identifier,
										eap_type_t type, simaka_subtype_t subtype,
										simaka_crypto_t *crypto);

/**
 * Create a simaka_message from a chunk of data.
 *
 * Only the outer message structure is decoded here; call parse() to decode
 * attributes and verify() before trusting them, as the data originates from
 * the peer.
 *
 * @param data			message data to parse
 * @param crypto		EAP-SIM/AKA crypto helper
 * @return				EAP message, NULL on error
 */
simaka_message_t *simaka_message_create_from_payload(chunk_t data,
													 simaka_crypto_t *crypto);
! 273:
! 274: #endif /** SIMAKA_MESSAGE_H_ @}*/