sim_card_t API gained support for pseudonym/fast reauthentication
authorMartin Willi <martin@strongswan.org>
Wed, 14 Oct 2009 11:35:35 +0000 (13:35 +0200)
committerMartin Willi <martin@strongswan.org>
Thu, 12 Nov 2009 09:33:58 +0000 (10:33 +0100)
src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
src/charon/plugins/eap_sim_file/eap_sim_file_card.c
src/charon/sa/authenticators/eap/sim_manager.h

index 2275325..07d206e 100644 (file)
@@ -154,6 +154,10 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f)
        this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
        this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet;
        this->public.card.resync = (bool(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
+       this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null;
+       this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *perm, identification_t *pseudonym))nop;
+       this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *perm, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
+       this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *perm, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
        this->public.destroy = (void(*)(eap_aka_3gpp2_card_t*))destroy;
 
        this->f = f;
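Review bot: The `get_reauth` stub assigned on the `this->public.card.get_reauth = ...` line returns NULL through `return_null` and never writes `mk` or `counter`, so a caller that reads those out-parameters before checking the returned identity would consume uninitialized memory; nothing here tells a reader that the stubs make that guarantee deliberately. I would add one comment above the four new assignments, `/* no pseudonym/reauth storage: set_* discard their arguments, get_* return NULL and leave mk/counter untouched */`, and the same comment applies to the identical four stub assignments in the eap_sim_file_card.c hunk. It is also worth noting in that comment that a server-issued pseudonym is dropped here, so these cards keep presenting the permanent identity. The enclosing eap_aka_3gpp2_card_create() begins outside the hunk.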
index d9e386b..95ce383 100644 (file)
@@ -94,6 +94,10 @@ eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets)
        this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
        this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet;
        this->public.card.resync = (bool(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
+       this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null;
+       this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *perm, identification_t *pseudonym))nop;
+       this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *perm, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
+       this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *perm, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
        this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy;
 
        this->triplets = triplets;
index d8d747a..fcc2d70 100644 (file)
@@ -52,11 +52,11 @@ struct sim_card_t {
        /**
         * Calculate SRES/KC from a RAND for SIM authentication.
         *
-        * @param imsi  identity to get a triplet for
-        * @param rand  RAND input buffer, fixed size 16 bytes
-        * @param sres  SRES output buffer, fixed size 4 byte
-        * @param kc    KC output buffer, fixed size 8 bytes
-        * @return              TRUE if SRES/KC calculated, FALSE on error/wrong identity
+        * @param imsi          identity to get a triplet for
+        * @param rand          RAND input buffer, fixed size 16 bytes
+        * @param sres          SRES output buffer, fixed size 4 byte
+        * @param kc            KC output buffer, fixed size 8 bytes
+        * @return                      TRUE if SRES/KC calculated, FALSE on error/wrong identity
         */
        bool (*get_triplet)(sim_card_t *this, identification_t *imsi,
                                                char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
@@ -68,13 +68,13 @@ struct sim_card_t {
         * If the received sequence number (in autn) is out of sync, INVALID_STATE
         * is returned.
         *
-        * @param imsi  peer identity requesting quintuplet for
-        * @param rand  random value rand
-        * @param autn  authentication token autn
-        * @param ck    buffer receiving encryption key ck
-        * @param ik    buffer receiving integrity key ik
-        * @param res   buffer receiving authentication result res
-        * @return              SUCCESS, FAILED, or INVALID_STATE if out of sync
+        * @param imsi          peer identity requesting quintuplet for
+        * @param rand          random value rand
+        * @param autn          authentication token autn
+        * @param ck            buffer receiving encryption key ck
+        * @param ik            buffer receiving integrity key ik
+        * @param res           buffer receiving authentication result res
+        * @return                      SUCCESS, FAILED, or INVALID_STATE if out of sync
         */
        status_t (*get_quintuplet)(sim_card_t *this, identification_t *imsi,
                                                           char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN],
@@ -84,13 +84,52 @@ struct sim_card_t {
        /**
         * Calculate AUTS from RAND for AKA resynchronization.
         *
-        * @param imsi  peer identity requesting quintuplet for
-        * @param rand  random value rand
-        * @param auts  resynchronization parameter auts
-        * @return              TRUE if parameter generated successfully
+        * @param imsi          peer identity requesting quintuplet for
+        * @param rand          random value rand
+        * @param auts          resynchronization parameter auts
+        * @return                      TRUE if parameter generated successfully
         */
        bool (*resync)(sim_card_t *this, identification_t *imsi,
                                   char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
+
+       /**
+        * Set the pseudonym to use for next authentication.
+        *
+        * @param perm          permanent identity of the peer (imsi)
+        * @param pseudo        pseudonym identity received from the server
+        */
+       void (*set_pseudonym)(sim_card_t *this, identification_t *perm,
+                                                 identification_t *pseudo);
+
+       /**
+        * Get the pseudonym previously stored via set_pseudonym().
+        *
+        * @param perm          permanent identity of the peer (imsi)
+        * @return                      associated pseudonym identity, NULL if none stored
+        */
+       identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *perm);
+
+       /**
+        * Store parameters to use for the next fast reauthentication.
+        *
+        * @param perm          permanent identity of the peer (imsi)
+        * @param next          next fast reauthentication identity to use
+        * @param mk            master key MK to store for reauthentication
+        * @param counter       counter value to store, host order
+        */
+       void (*set_reauth)(sim_card_t *this, identification_t *perm,
+                                          identification_t *next, char mk[HASH_SIZE_SHA1],
+                                          u_int16_t counter);
+
+       /**
+        * Retrieve parameters for fast reauthentication stored via set_reauth().
+        *
+        * @param perm          permanent identity of the peer (imsi)
+        * @param mk            buffer receiving master key MK
+        * @param counter       pointer receiving counter value, in host order
+        */
+       identification_t* (*get_reauth)(sim_card_t *this, identification_t *perm,
+                                                                       char mk[HASH_SIZE_SHA1], u_int16_t *counter);
 };
 
 /**
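Review bot: The `get_reauth` doc block is missing a `@return` line, unlike the `get_pseudonym` block just above it, and neither getter says who owns the returned `identification_t` (caller destroys it, or it stays a reference into card storage) or whether `set_pseudonym`/`set_reauth` clone the identities and `mk` they are handed — a leak or use-after-free is easy either way once implementations diverge. I would add `@return                      reauthentication identity, NULL if none stored` to `get_reauth`, and state on `mk` and `counter` that they are written only when a non-NULL identity is returned. An ownership sentence on each of the four new members, matching whatever convention the existing sim_card_t methods follow, would complete the contract. The `struct sim_card_t` definition begins outside the hunk.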