Added a stub for the EAP-AKA backend implementing the 3GPP2 functions in software
1 /*
2 * Copyright (C) 2008-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup eap_aka_3gpp2 eap_aka_3gpp2
18 * @ingroup cplugins
19 *
20 * @defgroup eap_aka_3gpp2_plugin eap_aka_3gpp2_plugin
21 * @{ @ingroup eap_aka_3gpp2
22 */
23
24 #ifndef EAP_AKA_3GPP2_PLUGIN_H_
25 #define EAP_AKA_3GPP2_PLUGIN_H_
26
27 #include <plugins/plugin.h>
28
29 typedef struct eap_aka_3gpp2_plugin_t eap_aka_3gpp2_plugin_t;
30
31 /**
32 * Plugin to provide a USIM card/provider using the 3GPP2 (S.S0055) standard.
33 *
34 * This plugin implements the standard of the 3GPP2 (S.S0055) and not the one
35 * of 3GPP, completely in software using the libgmp library.
36 * The shared key used for authentication is taken from ipsec.secrets. The
37 * peer's ID is used to query it.
38 * The AKA mechanism uses sequence numbers to detect replay attacks. The
39 * peer stores the sequence number normally in a USIM and accepts
40 * incremental sequence numbers (incremental for lifetime of the USIM). To
41 * prevent a complex sequence number management, this implementation uses
42 * a sequence number derived from time. It is initialized to the startup
43 * time of the daemon.
44 * To enable time based SEQ checks, define SEQ_CHECK as 1. The default accepts
45 * any SEQ number, which disables replay detection and permits replay attacks.
46 * Since the server has already proven its identity via IKE, such an attack is
47 * only possible between the server and the AAA (if any).
48 */
49 struct eap_aka_3gpp2_plugin_t {
50
51 /**
52 * Implements the plugin_t interface.
53 */
54 plugin_t plugin;
55 };
56
57 /**
58 * Create an eap_aka_3gpp2_plugin instance, returned as a plugin_t pointer.
59 */
60 plugin_t *plugin_create();
61
62 #endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/