aa2eabc432b9e3efd0443a298175a1fcd23dd336
[strongswan.git] / src / charon / plugins / eap_sim_file / eap_sim_file_provider.c
1 /*
2 * Copyright (C) 2008-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "eap_sim_file_provider.h"
17
18 #include <daemon.h>
19 #include <utils/hashtable.h>
20
21 typedef struct private_eap_sim_file_provider_t private_eap_sim_file_provider_t;
22
23 /**
24 * Private data of an eap_sim_file_provider_t object.
25 */
26 struct private_eap_sim_file_provider_t {
27
28 /**
29 * Public eap_sim_file_provider_t interface.
30 */
31 eap_sim_file_provider_t public;
32
33 /**
34 * source of triplets
35 */
36 eap_sim_file_triplets_t *triplets;
37
38 /**
39 * Permanent -> pseudonym mappings
40 */
41 hashtable_t *pseudonym;
42
43 /**
44 * Permanent -> reauth_data_t mappings
45 */
46 hashtable_t *reauth;
47
48 /**
49 * Reverse pseudonym/reauth -> permanent mappings
50 */
51 hashtable_t *permanent;
52
53 /**
54 * RNG for pseudonyms/reauth identities
55 */
56 rng_t *rng;
57 };
58
59 typedef struct {
60 /** currently used reauthentication identity */
61 identification_t *id;
62 /** counter value */
63 u_int16_t counter;
64 /** master key */
65 char mk[HASH_SIZE_SHA1];
66 } reauth_data_t;
67
68 /**
69 * hashtable hash function
70 */
71 static u_int hash(identification_t *key)
72 {
73 return chunk_hash(key->get_encoding(key));
74 }
75
76 /**
77 * hashtable equals function
78 */
79 static bool equals(identification_t *key1, identification_t *key2)
80 {
81 return key1->equals(key1, key2);
82 }
83
84 /**
85 * Implementation of sim_provider_t.get_triplet
86 */
87 static bool get_triplet(private_eap_sim_file_provider_t *this,
88 identification_t *id, char *rand, char *sres, char *kc)
89 {
90 enumerator_t *enumerator;
91 identification_t *cand;
92 char *c_rand, *c_sres, *c_kc;
93
94 enumerator = this->triplets->create_enumerator(this->triplets);
95 while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc))
96 {
97 if (id->matches(id, cand))
98 {
99 memcpy(rand, c_rand, SIM_RAND_LEN);
100 memcpy(sres, c_sres, SIM_SRES_LEN);
101 memcpy(kc, c_kc, SIM_KC_LEN);
102 enumerator->destroy(enumerator);
103 return TRUE;
104 }
105 }
106 enumerator->destroy(enumerator);
107 return FALSE;
108 }
109
110 /**
111 * Implementation of sim_provider_t.is_pseudonym
112 */
113 static identification_t* is_pseudonym(private_eap_sim_file_provider_t *this,
114 identification_t *id)
115 {
116 identification_t *permanent;
117
118 permanent = this->permanent->get(this->permanent, id);
119 if (permanent)
120 {
121 return permanent->clone(permanent);
122 }
123 return NULL;
124 }
125
126 /**
127 * Generate a random identity
128 */
129 static identification_t *gen_identity(private_eap_sim_file_provider_t *this)
130 {
131 char buf[8], hex[sizeof(buf) * 2 + 1];
132
133 this->rng->get_bytes(this->rng, sizeof(buf), buf);
134 chunk_to_hex(chunk_create(buf, sizeof(buf)), hex, FALSE);
135
136 return identification_create_from_string(hex);
137 }
138
139 /**
140 * Implementation of sim_provider_t.get_pseudonym
141 */
142 static identification_t* gen_pseudonym(private_eap_sim_file_provider_t *this,
143 identification_t *id)
144 {
145 identification_t *pseudonym, *permanent;
146
147 /* remove old entry */
148 pseudonym = this->pseudonym->remove(this->pseudonym, id);
149 if (pseudonym)
150 {
151 permanent = this->permanent->remove(this->permanent, pseudonym);
152 if (permanent)
153 {
154 permanent->destroy(permanent);
155 }
156 pseudonym->destroy(pseudonym);
157 }
158
159 pseudonym = gen_identity(this);
160
161 /* create new entries */
162 id = id->clone(id);
163 this->pseudonym->put(this->pseudonym, id, pseudonym);
164 this->permanent->put(this->permanent, pseudonym, id);
165
166 return pseudonym->clone(pseudonym);
167 }
168
169 /**
170 * Implementation of sim_provider_t.is_reauth
171 */
172 static identification_t *is_reauth(private_eap_sim_file_provider_t *this,
173 identification_t *id, char mk[HASH_SIZE_SHA1],
174 u_int16_t *counter)
175 {
176 identification_t *permanent;
177 reauth_data_t *data;
178
179 /* look up permanent identity */
180 permanent = this->permanent->get(this->permanent, id);
181 if (!permanent)
182 {
183 return NULL;
184 }
185 /* look up reauthentication data */
186 data = this->reauth->get(this->reauth, permanent);
187 if (!data)
188 {
189 return NULL;
190 }
191 *counter = ++data->counter;
192 memcpy(mk, data->mk, HASH_SIZE_SHA1);
193 return permanent->clone(permanent);
194 }
195
196 /**
197 * Implementation of sim_provider_t.gen_reauth
198 */
199 static identification_t *gen_reauth(private_eap_sim_file_provider_t *this,
200 identification_t *id, char mk[HASH_SIZE_SHA1])
201 {
202 reauth_data_t *data;
203 identification_t *permanent;
204
205 data = this->reauth->get(this->reauth, id);
206 id = id->clone(id);
207 if (data)
208 { /* update existing entry */
209 permanent = this->permanent->remove(this->permanent, data->id);
210 if (permanent)
211 {
212 permanent->destroy(permanent);
213 }
214 data->id->destroy(data->id);
215 }
216 else
217 { /* generate new entry */
218 data = malloc_thing(reauth_data_t);
219 data->counter = 0;
220 this->reauth->put(this->reauth, id, data);
221 }
222 memcpy(data->mk, mk, HASH_SIZE_SHA1);
223 data->id = gen_identity(this);
224
225 this->permanent->put(this->permanent, data->id, id);
226
227 return data->id->clone(data->id);
228 }
229
230 /**
231 * Implementation of eap_sim_file_provider_t.destroy.
232 */
233 static void destroy(private_eap_sim_file_provider_t *this)
234 {
235 enumerator_t *enumerator;
236 identification_t *id;
237 reauth_data_t *data;
238 void *key;
239
240 enumerator = this->pseudonym->create_enumerator(this->pseudonym);
241 while (enumerator->enumerate(enumerator, &key, &id))
242 {
243 id->destroy(id);
244 }
245 enumerator->destroy(enumerator);
246
247 enumerator = this->permanent->create_enumerator(this->permanent);
248 while (enumerator->enumerate(enumerator, &key, &id))
249 {
250 id->destroy(id);
251 }
252 enumerator->destroy(enumerator);
253
254 enumerator = this->reauth->create_enumerator(this->reauth);
255 while (enumerator->enumerate(enumerator, &key, &data))
256 {
257 data->id->destroy(data->id);
258 free(data);
259 }
260 enumerator->destroy(enumerator);
261
262 this->pseudonym->destroy(this->pseudonym);
263 this->permanent->destroy(this->permanent);
264 this->reauth->destroy(this->reauth);
265 this->rng->destroy(this->rng);
266 free(this);
267 }
268
269 /**
270 * See header
271 */
272 eap_sim_file_provider_t *eap_sim_file_provider_create(
273 eap_sim_file_triplets_t *triplets)
274 {
275 private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t);
276
277 this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
278 this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
279 this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
280 this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))is_pseudonym;
281 this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))gen_pseudonym;
282 this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))is_reauth;
283 this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))gen_reauth;
284 this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy;
285
286 this->triplets = triplets;
287 this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
288 if (!this->rng)
289 {
290 free(this);
291 return NULL;
292 }
293 this->pseudonym = hashtable_create((void*)hash, (void*)equals, 0);
294 this->permanent = hashtable_create((void*)hash, (void*)equals, 0);
295 this->reauth = hashtable_create((void*)hash, (void*)equals, 0);
296
297 return &this->public;
298 }
299