
    1: /*
    2:  * Copyright (C) 2009 Martin Willi
    3:  * HSR Hochschule fuer Technik Rapperswil
    4:  *
    5:  * This program is free software; you can redistribute it and/or modify it
    6:  * under the terms of the GNU General Public License as published by the
    7:  * Free Software Foundation; either version 2 of the License, or (at your
    8:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
    9:  *
   10:  * This program is distributed in the hope that it will be useful, but
   11:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   12:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   13:  * for more details.
   14:  */
   15: 
   16: /**
   17:  * @defgroup libsimaka libsimaka
   18:  *
   19:  * @addtogroup libsimaka
   20:  * Library providing functions shared between EAP-SIM and EAP-AKA plugins.
   21:  *
   22:  * @defgroup simaka_message simaka_message
   23:  * @{ @ingroup libsimaka
   24:  */
   25: 
   26: #ifndef SIMAKA_MESSAGE_H_
   27: #define SIMAKA_MESSAGE_H_
   28: 
   29: #include <utils/utils.h>
   30: #include <eap/eap.h>
   31: 
   32: #include "simaka_crypto.h"
   33: 
/* Forward typedefs: the enums and the message struct below are referred to
 * by these names (in each other's definitions and in the prototypes) before
 * they are fully defined. */
typedef enum simaka_attribute_t simaka_attribute_t;
typedef enum simaka_subtype_t simaka_subtype_t;
typedef enum simaka_notification_t simaka_notification_t;
typedef enum simaka_client_error_t simaka_client_error_t;
typedef struct simaka_message_t simaka_message_t;
   39: 
   40: /**
   41:  * Subtypes of EAP-SIM/AKA messages
   42:  */
   43: enum simaka_subtype_t {
   44: 	AKA_CHALLENGE = 1,
   45: 	AKA_AUTHENTICATION_REJECT = 2,
   46: 	AKA_SYNCHRONIZATION_FAILURE = 4,
   47: 	AKA_IDENTITY = 5,
   48: 	SIM_START = 10,
   49: 	SIM_CHALLENGE = 11,
   50: 	SIM_NOTIFICATION = 12,
   51: 	AKA_NOTIFICATION = 12,
   52: 	SIM_REAUTHENTICATION = 13,
   53: 	AKA_REAUTHENTICATION = 13,
   54: 	SIM_CLIENT_ERROR = 14,
   55: 	AKA_CLIENT_ERROR = 14,
   56: };
   57: 
   58: /**
   59:  * Enum names for simaka_subtype_t
   60:  */
   61: extern enum_name_t *simaka_subtype_names;
   62: 
   63: /**
   64:  * Attributes in EAP-SIM/AKA messages
   65:  */
   66: enum simaka_attribute_t {
   67: 	AT_RAND = 1,
   68: 	AT_AUTN = 2,
   69: 	AT_RES = 3,
   70: 	AT_AUTS = 4,
   71: 	AT_PADDING = 6,
   72: 	AT_NONCE_MT = 7,
   73: 	AT_PERMANENT_ID_REQ = 10,
   74: 	AT_MAC = 11,
   75: 	AT_NOTIFICATION = 12,
   76: 	AT_ANY_ID_REQ = 13,
   77: 	AT_IDENTITY = 14,
   78: 	AT_VERSION_LIST = 15,
   79: 	AT_SELECTED_VERSION = 16,
   80: 	AT_FULLAUTH_ID_REQ = 17,
   81: 	AT_COUNTER = 19,
   82: 	AT_COUNTER_TOO_SMALL = 20,
   83: 	AT_NONCE_S = 21,
   84: 	AT_CLIENT_ERROR_CODE = 22,
   85: 	AT_IV = 129,
   86: 	AT_ENCR_DATA = 130,
   87: 	AT_NEXT_PSEUDONYM = 132,
   88: 	AT_NEXT_REAUTH_ID = 133,
   89: 	AT_CHECKCODE = 134,
   90: 	AT_RESULT_IND = 135,
   91: };
   92: 
   93: /**
   94:  * Enum names for simaka_attribute_t
   95:  */
   96: extern enum_name_t *simaka_attribute_names;
   97: 
   98: /**
   99:  * Notification codes used within AT_NOTIFICATION attribute.
  100:  */
  101: enum simaka_notification_t {
  102: 	/** SIM General failure after authentication. (Implies failure) */
  103: 	SIM_GENERAL_FAILURE_AA = 0,
  104: 	/** AKA General failure after authentication. (Implies failure) */
  105: 	AKA_GENERAL_FAILURE_AA = 0,
  106: 	/** SIM General failure. (Implies failure, used before authentication) */
  107: 	SIM_GENERAL_FAILURE = 16384,
  108: 	/** AKA General failure. (Implies failure, used before authentication) */
  109: 	AKA_GENERAL_FAILURE = 16384,
  110: 	/** SIM User has been temporarily denied access to the requested service. */
  111: 	SIM_TEMP_DENIED = 1026,
  112: 	/** AKA User has been temporarily denied access to the requested service. */
  113: 	AKA_TEMP_DENIED = 1026,
  114: 	/** SIM User has not subscribed to the requested service. */
  115: 	SIM_NOT_SUBSCRIBED = 1031,
  116: 	/** AKA User has not subscribed to the requested service. */
  117: 	AKA_NOT_SUBSCRIBED = 1031,
  118: 	/** SIM Success. User has been successfully authenticated. */
  119: 	SIM_SUCCESS = 32768,
  120: 	/** AKA Success. User has been successfully authenticated. */
  121: 	AKA_SUCCESS = 32768,
  122: };
  123: 
  124: /**
  125:  * Enum names for simaka_notification_t
  126:  */
  127: extern enum_name_t *simaka_notification_names;
  128: 
  129: /**
  130:  * Error codes sent in AT_CLIENT_ERROR_CODE attribute
  131:  */
  132: enum simaka_client_error_t {
  133: 	/** AKA unable to process packet */
  134: 	AKA_UNABLE_TO_PROCESS = 0,
  135: 	/** SIM unable to process packet */
  136: 	SIM_UNABLE_TO_PROCESS = 0,
  137: 	/** SIM unsupported version */
  138: 	SIM_UNSUPPORTED_VERSION = 1,
  139: 	/** SIM insufficient number of challenges */
  140: 	SIM_INSUFFICIENT_CHALLENGES = 2,
  141: 	/** SIM RANDs are not fresh */
  142: 	SIM_RANDS_NOT_FRESH = 3,
  143: };
  144: 
  145: /**
  146:  * Enum names for simaka_client_error_t
  147:  */
  148: extern enum_name_t *simaka_client_error_names;
  149: 
  150: /**
  151:  * Check if an EAP-SIM/AKA attribute is "skippable".
  152:  *
  153:  * @param attribute		attribute to check
  154:  * @return				TRUE if attribute skippable, FALSE if non-skippable
  155:  */
  156: bool simaka_attribute_skippable(simaka_attribute_t attribute);
  157: 
  158: /**
  159:  * EAP-SIM and EAP-AKA message abstraction.
  160:  *
  161:  * Messages for EAP-SIM and EAP-AKA share a common format, this class
  162:  * abstracts such a message and provides encoding/encryption/signing
  163:  * functionality.
  164:  */
  165: struct simaka_message_t {
  166: 
  167: 	/**
  168: 	 * Check if the given message is a request or response.
  169: 	 *
  170: 	 * @return			TRUE if request, FALSE if response
  171: 	 */
  172: 	bool (*is_request)(simaka_message_t *this);
  173: 
  174: 	/**
  175: 	 * Get the EAP message identifier.
  176: 	 *
  177: 	 * @return			EAP message identifier
  178: 	 */
  179: 	uint8_t (*get_identifier)(simaka_message_t *this);
  180: 
  181: 	/**
  182: 	 * Get the EAP type of the message.
  183: 	 *
  184: 	 * @return			EAP type: EAP-SIM or EAP-AKA
  185: 	 */
  186: 	eap_type_t (*get_type)(simaka_message_t *this);
  187: 
  188: 	/**
  189: 	 * Get the subtype of an EAP-SIM message.
  190: 	 *
  191: 	 * @return			subtype of message
  192: 	 */
  193: 	simaka_subtype_t (*get_subtype)(simaka_message_t *this);
  194: 
  195: 	/**
  196: 	 * Create an enumerator over message attributes.
  197: 	 *
  198: 	 * @return			enumerator over (simaka_attribute_t, chunk_t)
  199: 	 */
  200: 	enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this);
  201: 
  202: 	/**
  203: 	 * Append an attribute to the EAP-SIM message.
  204: 	 *
  205: 	 * Make sure to pass only data of correct length for the given attribute.
  206: 	 *
  207: 	 * @param type		type of attribute to add to message
  208: 	 * @param data		unpadded attribute data to add
  209: 	 */
  210: 	void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type,
  211: 						  chunk_t data);
  212: 
  213: 	/**
  214: 	 * Parse a message, with optional attribute decryption.
  215: 	 *
  216: 	 * This method does not verify message integrity, as the key is available
  217: 	 * only after the payload has been parsed. It might be necessary to call
  218: 	 * parse twice, as key derivation data in EAP-SIM/AKA is in the same
  219: 	 * packet as encrypted data.
  220: 	 *
  221: 	 * @param crypto	EAP-SIM/AKA crypto helper
  222: 	 * @return			TRUE if message parsed successfully
  223: 	 */
  224: 	bool (*parse)(simaka_message_t *this);
  225: 
  226: 	/**
  227: 	 * Verify the message integrity of a parsed message.
  228: 	 *
  229: 	 * @param crypto	EAP-SIM/AKA crypto helper
  230: 	 * @param sigdata	additional data to include in signature, if any
  231: 	 * @return			TRUE if message integrity check successful
  232: 	 */
  233: 	bool (*verify)(simaka_message_t *this, chunk_t sigdata);
  234: 
  235: 	/**
  236: 	 * Generate a message, optionally encrypt attributes and create a MAC.
  237: 	 *
  238: 	 * @param sigdata	additional data to include in signature, if any
  239: 	 * @param gen		allocated generated data, if successful
  240: 	 * @return			TRUE if successful
  241: 	 */
  242: 	bool (*generate)(simaka_message_t *this, chunk_t sigdata, chunk_t *gen);
  243: 
  244: 	/**
  245: 	 * Destroy a simaka_message_t.
  246: 	 */
  247: 	void (*destroy)(simaka_message_t *this);
  248: };
  249: 
  250: /**
  251:  * Create an empty simaka_message.
  252:  *
  253:  * @param request		TRUE for a request message, FALSE for a response
  254:  * @param identifier	EAP message identifier
  255:  * @param type			EAP type: EAP-SIM or EAP-AKA
  256:  * @param subtype		subtype of the EAP message
  257:  * @param crypto		EAP-SIM/AKA crypto helper
  258:  * @return				empty message of requested kind, NULL on error
  259:  */
  260: simaka_message_t *simaka_message_create(bool request, uint8_t identifier,
  261: 									eap_type_t type, simaka_subtype_t subtype,
  262: 									simaka_crypto_t *crypto);
  263: 
  264: /**
  265:  * Create an simaka_message from a chunk of data.
  266:  *
  267:  * @param data			message data to parse
  268:  * @param crypto		EAP-SIM/AKA crypto helper
  269:  * @return				EAP message, NULL on error
  270:  */
  271: simaka_message_t *simaka_message_create_from_payload(chunk_t data,
  272: 													 simaka_crypto_t *crypto);
  273: 
  274: #endif /** SIMAKA_MESSAGE_H_ @}*/
