projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use the EAP-SIM/AKA crypto helper in EAP-SIM
[strongswan.git] / src / libsimaka / simaka_message.h
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup simaka_message simaka_message
18 * @{ @ingroup libsimaka
19 */
20
21 #ifndef SIMAKA_MESSAGE_H_
22 #define SIMAKA_MESSAGE_H_
23
24 #include <enum.h>
25 #include <daemon.h>
26
27 #include "simaka_crypto.h"
28
29 typedef struct simaka_message_t simaka_message_t;
30 typedef enum simaka_attribute_t simaka_attribute_t;
31 typedef enum simaka_subtype_t simaka_subtype_t;
32
33 /**
34 * Subtypes of EAP-SIM/AKA messages
35 */
36 enum simaka_subtype_t {
37 AKA_CHALLENGE = 1,
38 AKA_AUTHENTICATION_REJECT = 2,
39 AKA_SYNCHRONIZATION_FAILURE = 4,
40 AKA_IDENTITY = 5,
41 SIM_START = 10,
42 SIM_CHALLENGE = 11,
43 SIM_NOTIFICATION = 12,
44 AKA_NOTIFICATION = 12,
45 SIM_REAUTHENTICATION = 13,
46 AKA_REAUTHENTICATION = 13,
47 SIM_CLIENT_ERROR = 14,
48 AKA_CLIENT_ERROR = 14,
49 };
50
51 /**
52 * Enum names for simaka_subtype_t
53 */
54 extern enum_name_t *simaka_subtype_names;
55
56 /**
57 * Attributes in EAP-SIM/AKA messages
58 */
59 enum simaka_attribute_t {
60 AT_RAND = 1,
61 AT_AUTN = 2,
62 AT_RES = 3,
63 AT_AUTS = 4,
64 AT_PADDING = 6,
65 AT_NONCE_MT = 7,
66 AT_PERMANENT_ID_REQ = 10,
67 AT_MAC = 11,
68 AT_NOTIFICATION = 12,
69 AT_ANY_ID_REQ = 13,
70 AT_IDENTITY = 14,
71 AT_VERSION_LIST = 15,
72 AT_SELECTED_VERSION = 16,
73 AT_FULLAUTH_ID_REQ = 17,
74 AT_COUNTER = 19,
75 AT_COUNTER_TOO_SMALL = 20,
76 AT_NONCE_S = 21,
77 AT_CLIENT_ERROR_CODE = 22,
78 AT_IV = 129,
79 AT_ENCR_DATA = 130,
80 AT_NEXT_PSEUDONYM = 132,
81 AT_NEXT_REAUTH_ID = 133,
82 AT_CHECKCODE = 134,
83 AT_RESULT_IND = 135,
84 };
85
86 /**
87 * Enum names for simaka_attribute_t
88 */
89 extern enum_name_t *simaka_attribute_names;
90
91 /**
92 * EAP-SIM and EAP-AKA message abstraction.
93 *
94 * Messages for EAP-SIM and EAP-AKA share a common format, this class
95 * abstracts such a message and provides encoding/encryption/signing
96 * functionality.
97 */
98 struct simaka_message_t {
99
100 /**
101 * Check if the given message is a request or response.
102 *
103 * @return TRUE if request, FALSE if response
104 */
105 bool (*is_request)(simaka_message_t *this);
106
107 /**
108 * Get the EAP message identifier.
109 *
110 * @return EAP message identifier
111 */
112 u_int8_t (*get_identifier)(simaka_message_t *this);
113
114 /**
115 * Get the EAP type of the message.
116 *
117 * @return EAP type: EAP-SIM or EAP-AKA
118 */
119 eap_type_t (*get_type)(simaka_message_t *this);
120
121 /**
122 * Get the subtype of an EAP-SIM message.
123 *
124 * @return subtype of message
125 */
126 simaka_subtype_t (*get_subtype)(simaka_message_t *this);
127
128 /**
129 * Create an enumerator over message attributes.
130 *
131 * @return enumerator over (simaka_attribute_t, chunk_t)
132 */
133 enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this);
134
135 /**
136 * Append an attribute to the EAP-SIM message.
137 *
138 * Make sure to pass only data of correct length for the given attribute.
139 *
140 * @param type type of attribute to add to message
141 * @param data unpadded attribute data to add
142 */
143 void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type,
144 chunk_t data);
145
146 /**
147 * Parse a message, with optional attribute decryption.
148 *
149 * This method does not verify message integrity, as the key is available
150 * only after the payload has been parsed.
151 *
152 * @param crypto EAP-SIM/AKA crypto helper
153 * @return TRUE if message parsed successfully
154 */
155 bool (*parse)(simaka_message_t *this, simaka_crypto_t *crypto);
156
157 /**
158 * Verify the message integrity of a parsed message.
159 *
160 * @param crypto EAP-SIM/AKA crypto helper
161 * @param sigdata additional data to include in signature, if any
162 * @return TRUE if message integrity check successful
163 */
164 bool (*verify)(simaka_message_t *this, simaka_crypto_t *crypto,
165 chunk_t sigdata);
166
167 /**
168 * Generate a message, optionally encrypt attributes and create a MAC.
169 *
170 * @param crypto EAP-SIM/AKA crypto helper
171 * @param sigdata additional data to include in signature, if any
172 * @return generated eap payload, NULL if failed
173 */
174 eap_payload_t* (*generate)(simaka_message_t *this, simaka_crypto_t *crypto,
175 chunk_t sigdata);
176
177 /**
178 * Destroy a simaka_message_t.
179 */
180 void (*destroy)(simaka_message_t *this);
181 };
182
183 /**
184 * Create an empty simaka_message.
185 *
186 * @param request TRUE for a request message, FALSE for a response
187 * @param identifier EAP message identifier
188 * @param type EAP subtype of the message
189 * @return empty message of requested kind, NULL on error
190 */
191 simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
192 eap_type_t type, simaka_subtype_t subtype);
193
194 /**
195 * Create an simaka_message from a chunk of data.
196 *
197 * @param payload payload to create message from
198 * @return EAP message, NULL on error
199 */
200 simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload);
201
202 #endif /* SIMAKA_MESSAGE_H_ @}*/
strongSwan - IPsec VPN