1.1 misho 1: /*
2: * Copyright (C) 2008-2011 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup simaka_provider simaka_provider
18: * @{ @ingroup libsimaka
19: */
20:
21: #ifndef SIMAKA_PROVIDER_H_
22: #define SIMAKA_PROVIDER_H_
23:
24: typedef struct simaka_provider_t simaka_provider_t;
25:
26: #include "simaka_manager.h"
27:
28: #include <utils/identification.h>
29:
30: /**
31: * Interface for a triplet/quintuplet provider (used as EAP server).
32: *
33: * A SIM provider hands out triplets for SIM authentication and quintuplets
34: * for AKA authentication. Multiple SIM provider instances can serve as
35: * authentication backend to authenticate clients using SIM/AKA.
36: * An implementation supporting only one of SIM/AKA authentication may
37: * implement the other methods with return_false().
38: */
struct simaka_provider_t {

	/**
	 * Create a challenge for SIM authentication.
	 *
	 * All three output buffers have a fixed size given by the SIM_*_LEN
	 * constants; an implementation fills each buffer completely and must not
	 * write beyond it. SRES and Kc are secret material derived from the
	 * subscriber key; callers should presumably not rely on the buffer
	 * contents when FALSE is returned (not stated here, confirm with callers).
	 *
	 * @param id		permanent identity of peer to gen triplet for
	 * @param rand		RAND output buffer, fixed size 16 bytes (SIM_RAND_LEN)
	 * @param sres		SRES output buffer, fixed size 4 bytes (SIM_SRES_LEN)
	 * @param kc		Kc output buffer, fixed size 8 bytes (SIM_KC_LEN)
	 * @return			TRUE if triplet received, FALSE otherwise
	 */
	bool (*get_triplet)(simaka_provider_t *this, identification_t *id,
						char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
						char kc[SIM_KC_LEN]);

	/**
	 * Create a challenge for AKA authentication.
	 *
	 * The XRES value is the only one with variable length. Pass a buffer
	 * of at least AKA_RES_MAX, the actual number of bytes is written to the
	 * xres_len value. While the standard would allow any bit length between
	 * 32 and 128 bits, we support only full bytes for now, i.e. an
	 * implementation writes between 4 and 16 bytes to xres and must never
	 * write more than AKA_RES_MAX bytes. All other buffers have the fixed
	 * size given by their AKA_*_LEN constant. CK and IK are secret session
	 * keys; callers should presumably not use any of the buffers when FALSE
	 * is returned (not stated here, confirm with callers).
	 *
	 * @param id		permanent identity of peer to create challenge for
	 * @param rand		buffer receiving random value rand (AKA_RAND_LEN bytes)
	 * @param xres		buffer receiving expected authentication result xres
	 * @param xres_len	number of bytes written to xres buffer (<= AKA_RES_MAX)
	 * @param ck		buffer receiving encryption key ck (AKA_CK_LEN bytes)
	 * @param ik		buffer receiving integrity key ik (AKA_IK_LEN bytes)
	 * @param autn		buffer receiving authentication token autn (AKA_AUTN_LEN)
	 * @return			TRUE if quintuplet generated successfully
	 */
	bool (*get_quintuplet)(simaka_provider_t *this, identification_t *id,
						   char rand[AKA_RAND_LEN],
						   char xres[AKA_RES_MAX], int *xres_len,
						   char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
						   char autn[AKA_AUTN_LEN]);

	/**
	 * Process AKA resynchronization request of a peer.
	 *
	 * Both rand and auts are inputs. auts is received from the peer and is
	 * therefore untrusted data; whether and how it is verified before any
	 * sequence-number state is updated is left to the implementation
	 * (not specified here).
	 *
	 * @param id		permanent identity of peer requesting resynchronization
	 * @param rand		random value rand (AKA_RAND_LEN bytes, input)
	 * @param auts		synchronization parameter auts (AKA_AUTS_LEN bytes, input)
	 * @return			TRUE if resynchronized successfully
	 */
	bool (*resync)(simaka_provider_t *this, identification_t *id,
				   char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);

	/**
	 * Check if peer uses a pseudonym, get permanent identity.
	 *
	 * Ownership of the returned identification_t is not stated in this
	 * header; presumably the caller is responsible for destroying it
	 * (confirm against simaka_manager).
	 *
	 * @param id		pseudonym identity candidate
	 * @return			permanent identity, NULL if id not a pseudonym
	 */
	identification_t* (*is_pseudonym)(simaka_provider_t *this,
									  identification_t *id);

	/**
	 * Generate a pseudonym identity for a given peer identity.
	 *
	 * Ownership of the returned identification_t is not stated in this
	 * header; presumably the caller destroys it (confirm against
	 * simaka_manager).
	 *
	 * @param id		permanent identity to generate a pseudonym for
	 * @return			generated pseudonym, NULL to not use a pseudonym identity
	 */
	identification_t* (*gen_pseudonym)(simaka_provider_t *this,
									   identification_t *id);

	/**
	 * Check if peer uses reauthentication, retrieve reauth parameters.
	 *
	 * On success the master key MK (HASH_SIZE_SHA1 bytes, secret material)
	 * and the current counter are written to the supplied locations. When
	 * NULL is returned the contents of mk and counter are presumably
	 * unspecified (not stated here). Ownership of the returned
	 * identification_t is not stated in this header; presumably the caller
	 * destroys it (confirm against simaka_manager).
	 *
	 * @param id		reauthentication identity (candidate)
	 * @param mk		buffer receiving master key MK, fixed size HASH_SIZE_SHA1
	 * @param counter	pointer receiving current counter value, host order
	 * @return			permanent identity, NULL if id not a reauth identity
	 */
	identification_t* (*is_reauth)(simaka_provider_t *this, identification_t *id,
								   char mk[HASH_SIZE_SHA1], uint16_t *counter);

	/**
	 * Generate a fast reauthentication identity, associated to a master key.
	 *
	 * mk is an input of fixed size HASH_SIZE_SHA1; the implementation stores
	 * it along with the generated identity. Ownership of the returned
	 * identification_t is not stated in this header; presumably the caller
	 * destroys it (confirm against simaka_manager).
	 *
	 * @param id		permanent peer identity
	 * @param mk		master key to store along with generated identity
	 * @return			fast reauthentication identity, NULL to not use reauth
	 */
	identification_t* (*gen_reauth)(simaka_provider_t *this, identification_t *id,
									char mk[HASH_SIZE_SHA1]);
};
127:
128: #endif /** SIMAKA_PROVIDER_H_ @}*/