Pass SIM/AKA crypto helper to constructor of message
[strongswan.git] / src / charon / plugins / eap_sim / eap_sim_peer.c
index 1ad6698..843aa53 100644 (file)
 
 /** length of the AT_NONCE_MT/AT_NONCE_S nonce value */
 #define NONCE_LEN 16
-/** length of the AT_MAC value */
-#define MAC_LEN 16
-/** length of the AT_RAND value */
-#define RAND_LEN 16
-/** length of Kc */
-#define KC_LEN 8
-/** length of SRES */
-#define SRES_LEN 4
 
 typedef struct private_eap_sim_peer_t private_eap_sim_peer_t;
 
@@ -121,12 +113,12 @@ static eap_payload_t* create_client_error(private_eap_sim_peer_t *this,
 
        DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code);
 
-       message = simaka_message_create(FALSE, identifier,
-                                                                       EAP_SIM, SIM_CLIENT_ERROR);
+       message = simaka_message_create(FALSE, identifier, EAP_SIM,
+                                                                       SIM_CLIENT_ERROR, this->crypto);
        encoded = htons(code);
        message->add_attribute(message, AT_CLIENT_ERROR_CODE,
                                                   chunk_create((char*)&encoded, sizeof(encoded)));
-       out = message->generate(message, this->crypto, chunk_empty);
+       out = message->generate(message, chunk_empty);
        message->destroy(message);
        return out;
 }
@@ -189,11 +181,11 @@ static status_t process_start(private_eap_sim_peer_t *this,
        free(this->nonce.ptr);
        rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
 
-       message = simaka_message_create(FALSE, in->get_identifier(in),
-                                                                       EAP_SIM, SIM_START);
+       message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+                                                                       SIM_START, this->crypto);
        message->add_attribute(message, AT_SELECTED_VERSION, version);
        message->add_attribute(message, AT_NONCE_MT, this->nonce);
-       *out = message->generate(message, this->crypto, chunk_empty);
+       *out = message->generate(message, chunk_empty);
        message->destroy(message);
 
        return NEED_MORE;
@@ -240,8 +232,8 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
 
        /* excepting two or three RAND, each 16 bytes. We require two valid
         * and different RANDs */
-       if ((rands.len != 2 * RAND_LEN && rands.len != 3 * RAND_LEN) ||
-               memeq(rands.ptr, rands.ptr + RAND_LEN, RAND_LEN))
+       if ((rands.len != 2 * SIM_RAND_LEN && rands.len != 3 * SIM_RAND_LEN) ||
+               memeq(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN))
        {
                DBG1(DBG_IKE, "no valid AT_RAND received");
                *out = create_client_error(this, in->get_identifier(in),
@@ -251,7 +243,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
        /* get two or three KCs/SRESes from SIM using RANDs */
        kcs = kc = chunk_alloca(rands.len / 2);
        sreses = sres = chunk_alloca(rands.len / 4);
-       while (rands.len >= RAND_LEN)
+       while (rands.len >= SIM_RAND_LEN)
        {
                if (!get_card_triplet(this, rands.ptr, sres.ptr, kc.ptr))
                {
@@ -261,10 +253,10 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
                        return NEED_MORE;
                }
                DBG3(DBG_IKE, "got triplet for RAND %b\n  Kc %b\n  SRES %b",
-                        rands.ptr, RAND_LEN, sres.ptr, SRES_LEN, kc.ptr, KC_LEN);
-               kc = chunk_skip(kc, KC_LEN);
-               sres = chunk_skip(sres, SRES_LEN);
-               rands = chunk_skip(rands, RAND_LEN);
+                        rands.ptr, SIM_RAND_LEN, sres.ptr, SIM_SRES_LEN, kc.ptr, SIM_KC_LEN);
+               kc = chunk_skip(kc, SIM_KC_LEN);
+               sres = chunk_skip(sres, SIM_SRES_LEN);
+               rands = chunk_skip(rands, SIM_RAND_LEN);
        }
 
        data = chunk_cata("cccc", kcs, this->nonce, this->version_list, version);
@@ -272,7 +264,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
        this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data);
 
        /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT"  */
-       if (!in->verify(in, this->crypto, this->nonce))
+       if (!in->verify(in, this->nonce))
        {
                DBG1(DBG_IKE, "AT_MAC verification failed");
                *out = create_client_error(this, in->get_identifier(in),
@@ -281,9 +273,9 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
        }
 
        /* build response with AT_MAC, built over "EAP packet | n*SRES" */
-       message = simaka_message_create(FALSE, in->get_identifier(in),
-                                                                       EAP_SIM, SIM_CHALLENGE);
-       *out = message->generate(message, this->crypto, sreses);
+       message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+                                                                       SIM_CHALLENGE, this->crypto);
+       *out = message->generate(message, sreses);
        message->destroy(message);
        return NEED_MORE;
 }
@@ -333,9 +325,9 @@ static status_t process_notification(private_eap_sim_peer_t *this,
 
        if (success)
        {       /* empty notification reply */
-               message = simaka_message_create(FALSE, in->get_identifier(in),
-                                                                               EAP_SIM, SIM_NOTIFICATION);
-               *out = message->generate(message, this->crypto, chunk_empty);
+               message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+                                                                               SIM_NOTIFICATION, this->crypto);
+               *out = message->generate(message, chunk_empty);
                message->destroy(message);
        }
        else
@@ -355,14 +347,14 @@ static status_t process(private_eap_sim_peer_t *this,
        simaka_message_t *message;
        status_t status;
 
-       message = simaka_message_create_from_payload(in);
+       message = simaka_message_create_from_payload(in, this->crypto);
        if (!message)
        {
                *out = create_client_error(this, in->get_identifier(in),
                                                                   SIM_UNABLE_TO_PROCESS);
                return NEED_MORE;
        }
-       if (!message->parse(message, this->crypto))
+       if (!message->parse(message))
        {
                message->destroy(message);
                *out = create_client_error(this, in->get_identifier(in),