Added a libsimaka library with shared message handling code for EAP-SIM/AKA
[strongswan.git] / src / libsimaka / simaka_message.h
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup simaka_message simaka_message
18 * @{ @ingroup libsimaka
19 */
20
21 #ifndef SIMAKA_MESSAGE_H_
22 #define SIMAKA_MESSAGE_H_
23
24 #include <daemon.h>
25 #include <enum.h>
26
27 typedef struct simaka_message_t simaka_message_t;
28 typedef enum simaka_attribute_t simaka_attribute_t;
29 typedef enum simaka_subtype_t simaka_subtype_t;
30
31 /**
32 * Subtypes of EAP-SIM/AKA messages
33 */
34 enum simaka_subtype_t {
35 AKA_CHALLENGE = 1,
36 AKA_AUTHENTICATION_REJECT = 2,
37 AKA_SYNCHRONIZATION_FAILURE = 4,
38 AKA_IDENTITY = 5,
39 SIM_START = 10,
40 SIM_CHALLENGE = 11,
41 SIM_NOTIFICATION = 12,
42 AKA_NOTIFICATION = 12,
43 SIM_REAUTHENTICATION = 13,
44 AKA_REAUTHENTICATION = 13,
45 SIM_CLIENT_ERROR = 14,
46 AKA_CLIENT_ERROR = 14,
47 };
48
49 /**
50 * Enum names for simaka_subtype_t
51 */
52 extern enum_name_t *simaka_subtype_names;
53
54 /**
55 * Attributes in EAP-SIM/AKA messages
56 */
57 enum simaka_attribute_t {
58 AT_RAND = 1,
59 AT_AUTN = 2,
60 AT_RES = 3,
61 AT_AUTS = 4,
62 AT_PADDING = 6,
63 AT_NONCE_MT = 7,
64 AT_PERMANENT_ID_REQ = 10,
65 AT_MAC = 11,
66 AT_NOTIFICATION = 12,
67 AT_ANY_ID_REQ = 13,
68 AT_IDENTITY = 14,
69 AT_VERSION_LIST = 15,
70 AT_SELECTED_VERSION = 16,
71 AT_FULLAUTH_ID_REQ = 17,
72 AT_COUNTER = 19,
73 AT_COUNTER_TOO_SMALL = 20,
74 AT_NONCE_S = 21,
75 AT_CLIENT_ERROR_CODE = 22,
76 AT_IV = 129,
77 AT_ENCR_DATA = 130,
78 AT_NEXT_PSEUDONYM = 132,
79 AT_NEXT_REAUTH_ID = 133,
80 AT_CHECKCODE = 134,
81 AT_RESULT_IND = 135,
82 };
83
84 /**
85 * Enum names for simaka_attribute_t
86 */
87 extern enum_name_t *simaka_attribute_names;
88
89 /**
90 * EAP-SIM and EAP-AKA message abstraction.
91 *
92 * Messages for EAP-SIM and EAP-AKA share a common format, this class
93 * abstracts such a message and provides encoding/encryption/signing
94 * functionality.
95 */
96 struct simaka_message_t {
97
98 /**
99 * Check if the given message is a request or response.
100 *
101 * @return TRUE if request, FALSE if response
102 */
103 bool (*is_request)(simaka_message_t *this);
104
105 /**
106 * Get the EAP message identifier.
107 *
108 * @return EAP message identifier
109 */
110 u_int8_t (*get_identifier)(simaka_message_t *this);
111
112 /**
113 * Get the EAP type of the message.
114 *
115 * @return EAP type: EAP-SIM or EAP-AKA
116 */
117 eap_type_t (*get_type)(simaka_message_t *this);
118
119 /**
120 * Get the subtype of an EAP-SIM message.
121 *
122 * @return subtype of message
123 */
124 simaka_subtype_t (*get_subtype)(simaka_message_t *this);
125
126 /**
127 * Create an enumerator over message attributes.
128 *
129 * @return enumerator over (simaka_attribute_t, chunk_t)
130 */
131 enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this);
132
133 /**
134 * Append an attribute to the EAP-SIM message.
135 *
136 * Make sure to pass only data of correct length for the given attribute.
137 *
138 * @param type type of attribute to add to message
139 * @param data unpadded attribute data to add
140 */
141 void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type,
142 chunk_t data);
143
144 /**
145 * Parse a message, with optional attribute decryption.
146 *
147 * This method does not verify message integrity, as the key is available
148 * only after the payload has been parsed.
149 *
150 * @param crypter crypter to decrypt AT_ENCR_DATA attribute
151 * @return TRUE if message parsed successfully
152 */
153 bool (*parse)(simaka_message_t *this, crypter_t *crypter);
154
155 /**
156 * Verify the message integrity of a parsed message.
157 *
158 * @param signer signer to verify AT_MAC attribute
159 * @param sigdata additional data to include in signature, if any
160 * @return TRUE if message integrity check successful
161 */
162 bool (*verify)(simaka_message_t *this, signer_t *signer, chunk_t sigdata);
163
164 /**
165 * Generate a message, optionally encrypt attributes and create a MAC.
166 *
167 * @param crypter crypter to encrypt attributes requiring encryption
168 * @param rng random number generator for IV
169 * @param signer signer to create AT_MAC attribute
170 * @param sigdata additional data to include in signature, if any
171 * @return generated eap payload, NULL if failed
172 */
173 eap_payload_t* (*generate)(simaka_message_t *this, crypter_t *crypter,
174 rng_t *rng, signer_t *signer, chunk_t sigdata);
175
176 /**
177 * Destroy a simaka_message_t.
178 */
179 void (*destroy)(simaka_message_t *this);
180 };
181
182 /**
183 * Create an empty simaka_message.
184 *
185 * @param request TRUE for a request message, FALSE for a response
186 * @param identifier EAP message identifier
187 * @param type EAP subtype of the message
188 * @return empty message of requested kind, NULL on error
189 */
190 simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
191 eap_type_t type, simaka_subtype_t subtype);
192
193 /**
194 * Create an simaka_message from a chunk of data.
195 *
196 * @param payload payload to create message from
197 * @return EAP message, NULL on error
198 */
199 simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload);
200
201 #endif /* SIMAKA_MESSAGE_H_ @}*/
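Review bot: The Doxygen block for `simaka_message_create` documents a `type` parameter as "EAP subtype of the message" and has no entry at all for the `subtype` parameter the prototype takes, so the generated documentation describes the wrong argument; it should read `@param type EAP type of the message: EAP-SIM or EAP-AKA` followed by `@param subtype EAP-SIM/AKA subtype of the message`. In the same spirit, `get_subtype` is described as "Get the subtype of an EAP-SIM message." while `get_type` states a message may be EAP-SIM or EAP-AKA, so `* Get the subtype of an EAP-SIM/AKA message.` would be consistent. The `parse` comment already says integrity is not checked at parse time, but because `create_attribute_enumerator` exposes attribute data before `verify` has run, that contract deserves to be stated on both methods, e.g. on `parse`: `* Attributes of a parsed message are unauthenticated until verify() succeeds.` and on `verify`: `* Must be called on a message that has been parse()d.` Whether the implementation rejects a message lacking AT_MAC cannot be seen from this header, so that detail should only be documented once confirmed against simaka_message.c.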