sim_provider_t API gained support for pseudonym/fast reauthentication
authorMartin Willi <martin@strongswan.org>
Wed, 14 Oct 2009 12:42:43 +0000 (14:42 +0200)
committerMartin Willi <martin@strongswan.org>
Thu, 12 Nov 2009 09:33:58 +0000 (10:33 +0100)
src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
src/charon/plugins/eap_sim_file/eap_sim_file_provider.c
src/charon/sa/authenticators/eap/sim_manager.h

index fe95751..ee75022 100644 (file)
@@ -187,6 +187,9 @@ eap_aka_3gpp2_provider_t *eap_aka_3gpp2_provider_create(
        this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
        this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet;
        this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
+       this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
+       this->public.provider.is_reauth = (bool(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_false;
+       this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
        this->public.destroy = (void(*)(eap_aka_3gpp2_provider_t*))destroy;
 
        this->f = f;
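Review bot: The `is_reauth` cast in this hunk leaves its third parameter unnamed (`char [HASH_SIZE_SHA1]`) while the declaration added to sim_manager.h names it `mk` and every other cast in this constructor names all of its parameters; for consistency the cast should read `(bool(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_false`. The same unnamed parameter appears in the eap_sim_file_provider.c hunk. All three new hooks are wired to `return_null`/`return_false`, so a one-line comment above them such as `/* pseudonym and fast reauthentication not supported by this provider */` would make the stubbed capability explicit to a reader of the constructor. The enclosing `eap_aka_3gpp2_provider_create` starts and ends outside the hunk.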
index eebebdb..fc2beb3 100644 (file)
@@ -79,6 +79,9 @@ eap_sim_file_provider_t *eap_sim_file_provider_create(
        this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
        this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
        this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
+       this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
+       this->public.provider.is_reauth = (bool(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_false;
+       this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
        this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy;
 
        this->triplets = triplets;
index fcc2d70..869e544 100644 (file)
@@ -146,11 +146,11 @@ struct sim_provider_t {
        /**
         * Create a challenge for SIM authentication.
         *
-        * @param imsi  client identity
-        * @param rand  RAND output buffer, fixed size 16 bytes
-        * @param sres  SRES output buffer, fixed size 4 byte
-        * @param kc    KC output buffer, fixed size 8 bytes
-        * @return              TRUE if triplet received, FALSE otherwise
+        * @param imsi          client identity
+        * @param rand          RAND output buffer, fixed size 16 bytes
+        * @param sres          SRES output buffer, fixed size 4 byte
+        * @param kc            KC output buffer, fixed size 8 bytes
+        * @return                      TRUE if triplet received, FALSE otherwise
         */
        bool (*get_triplet)(sim_provider_t *this, identification_t *imsi,
                                                char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
@@ -159,13 +159,13 @@ struct sim_provider_t {
        /**
         * Create a challenge for AKA authentication.
         *
-        * @param imsi  peer identity to create challenge for
-        * @param rand  buffer receiving random value rand
-        * @param xres  buffer receiving expected authentication result xres
-        * @param ck    buffer receiving encryption key ck
-        * @param ik    buffer receiving integrity key ik
-        * @param autn  authentication token autn
-        * @return              TRUE if quintuplet generated successfully
+        * @param imsi          peer identity to create challenge for
+        * @param rand          buffer receiving random value rand
+        * @param xres          buffer receiving expected authentication result xres
+        * @param ck            buffer receiving encryption key ck
+        * @param ik            buffer receiving integrity key ik
+        * @param autn          authentication token autn
+        * @return                      TRUE if quintuplet generated successfully
         */
        bool (*get_quintuplet)(sim_provider_t *this, identification_t *imsi,
                                                   char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN],
@@ -175,13 +175,43 @@ struct sim_provider_t {
        /**
         * Process AKA resynchroniusation request of a peer.
         *
-        * @param imsi  peer identity requesting resynchronisation
-        * @param rand  random value rand
-        * @param auts  synchronization parameter auts
-        * @return              TRUE if resynchronized successfully
+        * @param imsi          peer identity requesting resynchronisation
+        * @param rand          random value rand
+        * @param auts          synchronization parameter auts
+        * @return                      TRUE if resynchronized successfully
         */
        bool (*resync)(sim_provider_t *this, identification_t *imsi,
                                   char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
+
+       /**
+        * Generate a pseudonym identitiy for a given peer identity.
+        *
+        * @param id            peer identity to generate a pseudonym for
+        * @return                      generated pseudonym, NULL to not use a pseudonym identity
+        */
+       identification_t* (*gen_pseudonym)(sim_provider_t *this,
+                                                                          identification_t *id);
+
+       /**
+        * Check if peer uses reauthentication, retrieve parameters if so.
+        *
+        * @param id            peer identity, candidate for a reauthentication identity
+        * @param mk            buffer receiving master key MK
+        * @param counter       pointer receiving current counter value, host order
+        * @return                      TRUE if id is a fast reauthentication identity
+        */
+       bool (*is_reauth)(sim_provider_t *this, identification_t *id,
+                                         char mk[HASH_SIZE_SHA1], u_int16_t *counter);
+
+       /**
+        * Generate a fast reauthentication identity, associated to a master key.
+        *
+        * @param id            previously used reauthentication/pseudo/permanent id
+        * @param mk            master key to store to generated identity
+        * @return                      fast reauthentication identity, NULL to not use reauth
+        */
+       identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id,
+                                                                       char mk[HASH_SIZE_SHA1]);
 };
 
 /**
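Review bot: The documentation for the new `is_reauth` and `gen_reauth` hooks does not say when the output buffer is valid or who owns the returned object: `mk` and `counter` are presumably written only when `is_reauth` returns TRUE, and the `identification_t` returned by `gen_pseudonym`/`gen_reauth` is presumably owned by the caller; both should be confirmed against the callers and stated, e.g. `@param mk buffer receiving master key MK, valid only if TRUE is returned` and `@return generated pseudonym (caller owns, destroy after use), NULL to not use a pseudonym identity`. Since `mk` carries the session master key, the `is_reauth` comment could also note that the caller is expected to clear the buffer once the session keys have been derived. The `gen_pseudonym` comment has a typo: `identitiy` should be `identity`.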