authorMartin Willi <martin@strongswan.org>2009-11-27 11:14:40 +0100
committerMartin Willi <martin@revosec.ch>2010-02-26 11:44:34 +0100
commited5fc4cafe46abaa21282591756b6d98aab8df33 (patch)
tree97ad2b2ae1bcd3f2b64aeaf728feffd4be889123
parentb3b74e479bf832665c906906660687197d9516fe (diff)
Use message instead of attributes in hook
-rw-r--r--src/charon/sa/authenticators/eap/sim_manager.c17
-rw-r--r--src/charon/sa/authenticators/eap/sim_manager.h37
-rw-r--r--src/libsimaka/simaka_message.c22
-rw-r--r--src/libsimaka/simaka_message.h1
4 files changed, 36 insertions, 41 deletions
diff --git a/src/charon/sa/authenticators/eap/sim_manager.c b/src/charon/sa/authenticators/eap/sim_manager.c
index 5060a3147..157865083 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.c
+++ b/src/charon/sa/authenticators/eap/sim_manager.c
@@ -450,27 +450,20 @@ static void remove_hooks(private_sim_manager_t *this, sim_hooks_t *hooks)
}
/**
- * Implementation of sim_manager_t.attribute_hook
+ * Implementation of sim_manager_t.message_hook
*/
-static bool attribute_hook(private_sim_manager_t *this, eap_code_t code,
- eap_type_t type, u_int8_t subtype,
- u_int8_t attribute, chunk_t data)
+static void message_hook(private_sim_manager_t *this,
+ simaka_message_t *message, bool inbound, bool decrypted)
{
enumerator_t *enumerator;
sim_hooks_t *hooks;
- bool filter = FALSE;
enumerator = this->hooks->create_enumerator(this->hooks);
while (enumerator->enumerate(enumerator, &hooks))
{
- if (hooks->attribute(hooks, code, type, subtype, attribute, data))
- {
- filter = TRUE;
- break;
- }
+ hooks->message(hooks, message, inbound, decrypted);
}
enumerator->destroy(enumerator);
- return filter;
}
/**
@@ -528,7 +521,7 @@ sim_manager_t *sim_manager_create()
this->public.provider_gen_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))provider_gen_reauth;
this->public.add_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))add_hooks;
this->public.remove_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))remove_hooks;
- this->public.attribute_hook = (bool(*)(sim_manager_t*, eap_code_t code, eap_type_t type, u_int8_t subtype, u_int8_t attribute, chunk_t data))attribute_hook;
+ this->public.message_hook = (void(*)(sim_manager_t*, simaka_message_t *message, bool inbound, bool decrypted))message_hook;
this->public.key_hook = (void(*)(sim_manager_t*, chunk_t k_encr, chunk_t k_auth))key_hook;
this->public.destroy = (void(*)(sim_manager_t*))destroy;
diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/charon/sa/authenticators/eap/sim_manager.h
index 49d27cbaa..9aa661ac8 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.h
+++ b/src/charon/sa/authenticators/eap/sim_manager.h
@@ -31,6 +31,9 @@ typedef struct sim_card_t sim_card_t;
typedef struct sim_provider_t sim_provider_t;
typedef struct sim_hooks_t sim_hooks_t;
+/** implemented in libsimaka, but we need it for the message hook */
+typedef struct simaka_message_t simaka_message_t;
+
#define SIM_RAND_LEN 16
#define SIM_SRES_LEN 4
#define SIM_KC_LEN 8
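Review bot: The forward typedef of `simaka_message_t` added here leaves a charon header as the only place that names this libsimaka type, because the same commit deletes the typedef from simaka_message.h (last hunk of the patch). Unless simaka_message.h pulls in sim_manager.h through an include that these hunks do not show, a translation unit that includes simaka_message.h on its own no longer sees the type name. A repeated typedef is rejected by pre-C11 compilers, so keeping both is not an option there. A short comment at the old location in simaka_message.h, e.g. `/* simaka_message_t is typedef'd in sim_manager.h, needed there for the message hook */`, would record the dependency.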
@@ -245,17 +248,17 @@ struct sim_provider_t {
struct sim_hooks_t {
/**
- * SIM/AKA attribute parsing hook.
+ * SIM/AKA message parsing.
+ *
+ * As a SIM/AKA optionally contains encrypted attributes, the hook
+ * might get invoked twice, once before and once after decryption.
*
- * @param code code of EAP message the attribute was parsed from
- * @param type EAP method, SIM or AKA
- * @param subtye method specific subtype
- * @param attribute parsed SIM/AKA attribute type
- * @param data attribute data
- * @return TRUE to filter out attribute from further processing
+ * @param message SIM/AKA message
+ * @param inbound TRUE for incoming messages, FALSE for outgoing
+ * @param decrypted TRUE if AT_ENCR_DATA has been decrypted
*/
- bool (*attribute)(sim_hooks_t *this, eap_code_t code, eap_type_t type,
- u_int8_t subtype, u_int8_t attribute, chunk_t data);
+ void (*message)(sim_hooks_t *this, simaka_message_t *message,
+ bool inbound, bool decrypted);
/**
* SIM/AKA encryption/authentication key hooks.
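Review bot: The new doc comment for `message` does not state the contract a hook implementer needs now that the callback receives the whole message, including attributes from a decrypted AT_ENCR_DATA. It should say whether a hook may modify the message and that the pointer must not be kept after the call returns, e.g. `* The message is owned by the caller and only valid during the call.` Since the `bool` return was dropped, hooks can no longer filter attributes, and a line such as `* Hooks can not filter attributes from further processing.` would make that explicit. The first sentence is also missing a word ("As a SIM/AKA message optionally contains ..."). The same additions apply to the `message_hook` comment in `struct sim_manager_t` in the next hunk.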
@@ -478,18 +481,14 @@ struct sim_manager_t {
void (*remove_hooks)(sim_manager_t *this, sim_hooks_t *hooks);
/**
- * Invoke SIM/AKA attribute hook.
+ * Invoke SIM/AKA message hook.
*
- * @param code EAP message code (Request/response/success/failed)
- * @param type EAP method type, EAP-SIM or AKA
- * @param subtype method specific message subtype
- * @param attribute SIM/AKA attribute type
- * @param data attribute data
- * @return TRUE to filter out attribute from further processing
+ * @param message SIM message
+ * @param inbound TRUE for incoming messages, FALSE for outgoing
+ * @param decrypted TRUE if AT_ENCR_DATA has been decrypted
*/
- bool (*attribute_hook)(sim_manager_t *this, eap_code_t code,
- eap_type_t type, u_int8_t subtype,
- u_int8_t attribute, chunk_t data);
+ void (*message_hook)(sim_manager_t *this, simaka_message_t *message,
+ bool inbound, bool decrypted);
/**
* Invoke SIM/AKA key hook.
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 22d111bfd..e0319e918 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -256,16 +256,12 @@ static void add_attribute(private_simaka_message_t *this,
{
attr_t *attr;
- if (!charon->sim->attribute_hook(charon->sim, this->hdr->code,
- this->hdr->type, this->hdr->subtype, type, data))
- {
- attr = malloc(sizeof(attr_t) + data.len);
- attr->len = data.len;
- attr->type = type;
- memcpy(attr->data, data.ptr, data.len);
+ attr = malloc(sizeof(attr_t) + data.len);
+ attr->len = data.len;
+ attr->type = type;
+ memcpy(attr->data, data.ptr, data.len);
- this->attributes->insert_last(this->attributes, attr);
- }
+ this->attributes->insert_last(this->attributes, attr);
}
/**
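Review bot: In the now unconditional body of add_attribute, the result of `malloc(sizeof(attr_t) + data.len)` is written through on the next line without a NULL check. The lines are carried over from the removed `if` block, so this may be project policy for allocation failure, but `data.len` comes from a parsed message and the path is now taken for every attribute. If a check is wanted, `if (!attr) return;` directly after the allocation is enough, as the function returns void. The start of add_attribute lies outside the hunk.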
@@ -463,6 +459,9 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
break;
}
}
+
+ charon->sim->message_hook(charon->sim, &this->public, TRUE, this->encrypted);
+
return TRUE;
}
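Review bot: The added call passes `this->encrypted` as the hook's `decrypted` argument, so a field named for the opposite state feeds a parameter documented as "TRUE if AT_ENCR_DATA has been decrypted". The definition of `encrypted` is not visible in this hunk; if it is set while the decrypted inner attributes are being parsed the value is right, but the call reads as inverted. A comment on the call would settle it, e.g. `/* this->encrypted is set once AT_ENCR_DATA content has been decrypted and parsed */`, adjusted to the field's real meaning. The hook also fires only on the `return TRUE` path, so hooks never see a message whose attribute parsing failed. That limitation belongs in the hook documentation.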
@@ -604,6 +603,8 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
u_int16_t len;
signer_t *signer;
+ charon->sim->message_hook(charon->sim, &this->public, FALSE, TRUE);
+
out = chunk_create(out_buf, sizeof(out_buf));
encr = chunk_create(encr_buf, sizeof(encr_buf));
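Review bot: For outbound messages the two added calls in generate() pass `decrypted` as TRUE before encoding and FALSE after signing (next hunk), a meaning the hook documentation does not cover, since it only describes decryption of received AT_ENCR_DATA. Both calls hand over the same `&this->public`. Judging from the visible lines the encrypted form is written to the local `out` and `encr` buffers, so the second call probably still exposes the plaintext attributes while claiming `decrypted == FALSE`. The rest of generate() is outside these hunks, so this needs confirming. I would state the outbound meaning in a comment at each call, e.g. `/* outbound: attributes still in plaintext, before encryption */` and `/* outbound: message encoded and signed */`. The second call is reached only on the success path, so any early return in the function skips it.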
@@ -814,6 +815,9 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
data = chunk_cata("cc", out, sigdata);
signer->get_signature(signer, data, mac.ptr);
}
+
+ charon->sim->message_hook(charon->sim, &this->public, FALSE, FALSE);
+
return eap_payload_create_data(out);
}
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index ee9b3ebec..341f72959 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -31,7 +31,6 @@
#include "simaka_crypto.h"
-typedef struct simaka_message_t simaka_message_t;
typedef enum simaka_attribute_t simaka_attribute_t;
typedef enum simaka_subtype_t simaka_subtype_t;
typedef enum simaka_notification_t simaka_notification_t;