DBG1(DBG_IKE, "sending client error '%N'",
simaka_client_error_names, AKA_UNABLE_TO_PROCESS);
- message = simaka_message_create(FALSE, identifier,
- EAP_AKA, AKA_CLIENT_ERROR);
+ message = simaka_message_create(FALSE, identifier, EAP_AKA,
+ AKA_CLIENT_ERROR, this->crypto);
encoded = htons(AKA_UNABLE_TO_PROCESS);
message->add_attribute(message, AT_CLIENT_ERROR_CODE,
chunk_create((char*)&encoded, sizeof(encoded)));
- out = message->generate(message, this->crypto, chunk_empty);
+ out = message->generate(message, chunk_empty);
message->destroy(message);
return out;
}
{
DBG1(DBG_IKE, "received SQN invalid, sending %N",
simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE);
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_AKA, AKA_SYNCHRONIZATION_FAILURE);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ AKA_SYNCHRONIZATION_FAILURE, this->crypto);
message->add_attribute(message, AT_AUTS,
chunk_create(auts, AKA_AUTS_LEN));
- *out = message->generate(message, this->crypto, chunk_empty);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
return NEED_MORE;
}
{
DBG1(DBG_IKE, "no USIM found with quintuplets for '%Y', sending %N",
this->peer, simaka_subtype_names, AKA_AUTHENTICATION_REJECT);
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_AKA, AKA_AUTHENTICATION_REJECT);
- *out = message->generate(message, this->crypto, chunk_empty);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ AKA_AUTHENTICATION_REJECT, this->crypto);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
return NEED_MORE;
}
this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data);
/* verify EAP message MAC AT_MAC */
- if (!in->verify(in, this->crypto, chunk_empty))
+ if (!in->verify(in, chunk_empty))
{
DBG1(DBG_IKE, "AT_MAC verification failed ");
*out = create_client_error(this, in->get_identifier(in));
return NEED_MORE;
}
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_AKA, AKA_CHALLENGE);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ AKA_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RES, chunk_create(res, AKA_RES_LEN));
- *out = message->generate(message, this->crypto, chunk_empty);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
return NEED_MORE;
}
}
enumerator->destroy(enumerator);
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_AKA, AKA_IDENTITY);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ AKA_IDENTITY, this->crypto);
message->add_attribute(message, AT_IDENTITY,
this->peer->get_encoding(this->peer));
- *out = message->generate(message, this->crypto, chunk_empty);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
return NEED_MORE;
}
if (success)
{ /* empty notification reply */
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_AKA, AKA_NOTIFICATION);
- *out = message->generate(message, this->crypto, chunk_empty);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ AKA_NOTIFICATION, this->crypto);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
}
else
simaka_message_t *message;
status_t status;
- message = simaka_message_create_from_payload(in);
+ message = simaka_message_create_from_payload(in, this->crypto);
if (!message)
{
*out = create_client_error(this, in->get_identifier(in));
return NEED_MORE;
}
- if (!message->parse(message, this->crypto))
+ if (!message->parse(message))
{
message->destroy(message);
*out = create_client_error(this, in->get_identifier(in));
this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN));
this->xres = chunk_clone(chunk_create(xres, AKA_RES_LEN));
- message = simaka_message_create(TRUE, this->identifier++,
- EAP_AKA, AKA_CHALLENGE);
+ message = simaka_message_create(TRUE, this->identifier++, EAP_AKA,
+ AKA_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RAND, this->rand);
message->add_attribute(message, AT_AUTN, chunk_create(autn, AKA_AUTN_LEN));
- *out = message->generate(message, this->crypto, chunk_empty);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
this->pending = AKA_CHALLENGE;
enumerator->destroy(enumerator);
/* verify MAC of EAP message, AT_MAC */
- if (!in->verify(in, this->crypto, chunk_empty))
+ if (!in->verify(in, chunk_empty))
{
DBG1(DBG_IKE, "AT_MAC verification failed");
return FAILED;
simaka_message_t *message;
status_t status;
- message = simaka_message_create_from_payload(in);
+ message = simaka_message_create_from_payload(in, this->crypto);
if (!message)
{
return FAILED;
}
- if (!message->parse(message, this->crypto))
+ if (!message->parse(message))
{
message->destroy(message);
return FAILED;
DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code);
- message = simaka_message_create(FALSE, identifier,
- EAP_SIM, SIM_CLIENT_ERROR);
+ message = simaka_message_create(FALSE, identifier, EAP_SIM,
+ SIM_CLIENT_ERROR, this->crypto);
encoded = htons(code);
message->add_attribute(message, AT_CLIENT_ERROR_CODE,
chunk_create((char*)&encoded, sizeof(encoded)));
- out = message->generate(message, this->crypto, chunk_empty);
+ out = message->generate(message, chunk_empty);
message->destroy(message);
return out;
}
free(this->nonce.ptr);
rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_SIM, SIM_START);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ SIM_START, this->crypto);
message->add_attribute(message, AT_SELECTED_VERSION, version);
message->add_attribute(message, AT_NONCE_MT, this->nonce);
- *out = message->generate(message, this->crypto, chunk_empty);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
return NEED_MORE;
this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data);
/* verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT" */
- if (!in->verify(in, this->crypto, this->nonce))
+ if (!in->verify(in, this->nonce))
{
DBG1(DBG_IKE, "AT_MAC verification failed");
*out = create_client_error(this, in->get_identifier(in),
}
/* build response with AT_MAC, built over "EAP packet | n*SRES" */
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_SIM, SIM_CHALLENGE);
- *out = message->generate(message, this->crypto, sreses);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ SIM_CHALLENGE, this->crypto);
+ *out = message->generate(message, sreses);
message->destroy(message);
return NEED_MORE;
}
if (success)
{ /* empty notification reply */
- message = simaka_message_create(FALSE, in->get_identifier(in),
- EAP_SIM, SIM_NOTIFICATION);
- *out = message->generate(message, this->crypto, chunk_empty);
+ message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ SIM_NOTIFICATION, this->crypto);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
}
else
simaka_message_t *message;
status_t status;
- message = simaka_message_create_from_payload(in);
+ message = simaka_message_create_from_payload(in, this->crypto);
if (!message)
{
*out = create_client_error(this, in->get_identifier(in),
SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
- if (!message->parse(message, this->crypto))
+ if (!message->parse(message))
{
message->destroy(message);
*out = create_client_error(this, in->get_identifier(in),
this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data);
/* build response with AT_MAC, built over "EAP packet | NONCE_MT" */
- message = simaka_message_create(TRUE, this->identifier++,
- EAP_SIM, SIM_CHALLENGE);
+ message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
+ SIM_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RAND, rands);
- *out = message->generate(message, this->crypto, nonce);
+ *out = message->generate(message, nonce);
message->destroy(message);
this->pending = SIM_CHALLENGE;
enumerator->destroy(enumerator);
/* verify AT_MAC attribute, signature is over "EAP packet | n*SRES" */
- if (!in->verify(in, this->crypto, this->sreses))
+ if (!in->verify(in, this->sreses))
{
DBG1(DBG_IKE, "AT_MAC verification failed");
return FAILED;
simaka_message_t *message;
status_t status;
- message = simaka_message_create_from_payload(in);
+ message = simaka_message_create_from_payload(in, this->crypto);
if (!message)
{
return FAILED;
}
- if (!message->parse(message, this->crypto))
+ if (!message->parse(message))
{
message->destroy(message);
return FAILED;
{
simaka_message_t *message;
- message = simaka_message_create(TRUE, this->identifier++,
- EAP_SIM, SIM_START);
+ message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
+ SIM_START, this->crypto);
message->add_attribute(message, AT_VERSION_LIST, version);
- *out = message->generate(message, this->crypto, chunk_empty);
+ *out = message->generate(message, chunk_empty);
message->destroy(message);
this->pending = SIM_START;
bool encrypted;
/**
- * Phase a NOTIFICATION is sent within */
+ * crypto helper
+ */
+ simaka_crypto_t *crypto;
+
+ /**
+ * Phase a NOTIFICATION is sent within
+ */
bool p_bit;
/**
/**
* Implementation of simaka_message_t.parse
*/
-static bool parse(private_simaka_message_t *this, simaka_crypto_t *crypto,
- chunk_t sigdata)
+static bool parse(private_simaka_message_t *this, chunk_t sigdata)
{
chunk_t in, iv = chunk_empty, encr = chunk_empty;
eap_type_names, this->hdr->type);
return FALSE;
}
- crypter = crypto->get_crypter(crypto);
+ crypter = this->crypto->get_crypter(this->crypto);
if (!crypter)
{
DBG1(DBG_IKE, "%N message contains unexpected encrypted data",
crypter->decrypt(crypter, encr, iv, NULL);
this->encrypted = TRUE;
- success = parse(this, crypto, chunk_empty);
+ success = parse(this, chunk_empty);
this->encrypted = FALSE;
return success;
}
/**
* Implementation of simaka_message_t.verify
*/
-static bool verify(private_simaka_message_t *this,
- simaka_crypto_t *crypto, chunk_t sigdata)
+static bool verify(private_simaka_message_t *this, chunk_t sigdata)
{
chunk_t data, backup;
signer_t *signer;
- signer = crypto->get_signer(crypto);
+ signer = this->crypto->get_signer(this->crypto);
switch (this->hdr->subtype)
{
/**
* Implementation of simaka_message_t.generate
*/
-static eap_payload_t* generate(private_simaka_message_t *this,
- simaka_crypto_t *crypto, chunk_t sigdata)
+static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
{
/* buffers large enough for messages we generate */
char out_buf[1024], encr_buf[512];
crypter_t *crypter;
rng_t *rng;
- crypter = crypto->get_crypter(crypto);
+ crypter = this->crypto->get_crypter(this->crypto);
encr = chunk_create(encr_buf, sizeof(encr_buf) - encr.len);
bs = crypter->get_block_size(crypter);
memset(out.ptr + 2, 0, 2);
out = chunk_skip(out, 4);
- rng = crypto->get_rng(crypto);
+ rng = this->crypto->get_rng(this->crypto);
rng->get_bytes(rng, bs, out.ptr);
iv = chunk_clonea(chunk_create(out.ptr, bs));
}
/* include MAC ? */
- signer = crypto->get_signer(crypto);
+ signer = this->crypto->get_signer(this->crypto);
switch (this->hdr->subtype)
{
case SIM_CHALLENGE:
/**
* Generic constructor.
*/
-static simaka_message_t *simaka_message_create_data(chunk_t data)
+static simaka_message_t *simaka_message_create_data(chunk_t data,
+ simaka_crypto_t *crypto)
{
private_simaka_message_t *this;
hdr_t *hdr = (hdr_t*)data.ptr;
this->attributes = linked_list_create();
this->encrypted = FALSE;
+ this->crypto = crypto;
this->p_bit = TRUE;
this->mac = chunk_empty;
this->hdr = malloc(data.len);
/**
* See header.
*/
-simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload)
+simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload,
+ simaka_crypto_t *crypto)
{
- return simaka_message_create_data(payload->get_data(payload));
+ return simaka_message_create_data(payload->get_data(payload), crypto);
}
/**
* See header.
*/
simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
- eap_type_t type, simaka_subtype_t subtype)
+ eap_type_t type, simaka_subtype_t subtype,
+ simaka_crypto_t *crypto)
{
hdr_t hdr = {
.code = request ? EAP_REQUEST : EAP_RESPONSE,
.type = type,
.subtype = subtype,
};
- return simaka_message_create_data(chunk_create((char*)&hdr, sizeof(hdr)));
+ return simaka_message_create_data(chunk_create((char*)&hdr, sizeof(hdr)),
+ crypto);
}
* @param crypto EAP-SIM/AKA crypto helper
* @return TRUE if message parsed successfully
*/
- bool (*parse)(simaka_message_t *this, simaka_crypto_t *crypto);
+ bool (*parse)(simaka_message_t *this);
/**
* Verify the message integrity of a parsed message.
* @param sigdata additional data to include in signature, if any
* @return TRUE if message integrity check successful
*/
- bool (*verify)(simaka_message_t *this, simaka_crypto_t *crypto,
- chunk_t sigdata);
+ bool (*verify)(simaka_message_t *this, chunk_t sigdata);
/**
* Generate a message, optionally encrypt attributes and create a MAC.
*
- * @param crypto EAP-SIM/AKA crypto helper
* @param sigdata additional data to include in signature, if any
* @return generated eap payload, NULL if failed
*/
- eap_payload_t* (*generate)(simaka_message_t *this, simaka_crypto_t *crypto,
- chunk_t sigdata);
+ eap_payload_t* (*generate)(simaka_message_t *this, chunk_t sigdata);
/**
* Destroy a simaka_message_t.
* @param identifier EAP message identifier
* @param type EAP type: EAP-SIM or EAP-AKA
* @param subtype subtype of the EAP message
+ * @param crypto EAP-SIM/AKA crypto helper
* @return empty message of requested kind, NULL on error
*/
simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
- eap_type_t type, simaka_subtype_t subtype);
+ eap_type_t type, simaka_subtype_t subtype,
+ simaka_crypto_t *crypto);
/**
* Create an simaka_message from a chunk of data.
*
* @param payload payload to create message from
+ * @param crypto EAP-SIM/AKA crypto helper
* @return EAP message, NULL on error
*/
-simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload);
+simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload,
+ simaka_crypto_t *crypto);
#endif /** SIMAKA_MESSAGE_H_ @}*/
projects / strongswan.git / commitdiff