diff options
Diffstat (limited to 'src/libcharon/plugins/eap_sim')
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_peer.c | 42 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_peer.h | 3 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_plugin.c | 41 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_plugin.h | 5 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_server.c | 33 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_server.h | 3 |
6 files changed, 83 insertions, 44 deletions
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c index 083bf73a3..1d1ab99e0 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c @@ -18,6 +18,7 @@ #include <daemon.h> #include <simaka_message.h> +#include <simaka_manager.h> /* number of tries we do authenticate */ #define MAX_TRIES 3 @@ -41,6 +42,11 @@ struct private_eap_sim_peer_t { eap_sim_peer_t public; /** + * SIM backend manager + */ + simaka_manager_t *mgr; + + /** * permanent ID of peer */ identification_t *permanent; @@ -116,7 +122,7 @@ static eap_payload_t* create_client_error(private_eap_sim_peer_t *this, encoded = htons(code); message->add_attribute(message, AT_CLIENT_ERROR_CODE, chunk_create((char*)&encoded, sizeof(encoded))); - out = message->generate(message, chunk_empty); + out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); return out; } @@ -188,7 +194,7 @@ static status_t process_start(private_eap_sim_peer_t *this, switch (id_req) { case AT_ANY_ID_REQ: - this->reauth = charon->sim->card_get_reauth(charon->sim, + this->reauth = this->mgr->card_get_reauth(this->mgr, this->permanent, this->mk, &this->counter); if (this->reauth) { @@ -197,8 +203,8 @@ static status_t process_start(private_eap_sim_peer_t *this, } /* FALL */ case AT_FULLAUTH_ID_REQ: - this->pseudonym = charon->sim->card_get_pseudonym(charon->sim, - this->permanent); + this->pseudonym = this->mgr->card_get_pseudonym(this->mgr, + this->permanent); if (this->pseudonym) { id = this->pseudonym->get_encoding(this->pseudonym); @@ -228,7 +234,7 @@ static status_t process_start(private_eap_sim_peer_t *this, { message->add_attribute(message, AT_IDENTITY, id); } - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); return NEED_MORE; @@ -287,8 +293,8 @@ static status_t process_challenge(private_eap_sim_peer_t *this, sreses = sres = chunk_alloca(rands.len / 4); while (rands.len >= SIM_RAND_LEN) { - if (!charon->sim->card_get_triplet(charon->sim, this->permanent, - rands.ptr, sres.ptr, kc.ptr)) + if (!this->mgr->card_get_triplet(this->mgr, this->permanent, + rands.ptr, sres.ptr, kc.ptr)) { DBG1(DBG_IKE, "unable to get EAP-SIM triplet"); *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); @@ -328,13 +334,13 @@ static status_t process_challenge(private_eap_sim_peer_t *this, case AT_NEXT_REAUTH_ID: this->counter = 0; id = identification_create_from_data(data); - charon->sim->card_set_reauth(charon->sim, this->permanent, id, - this->mk, this->counter); + this->mgr->card_set_reauth(this->mgr, this->permanent, id, + this->mk, this->counter); id->destroy(id); break; case AT_NEXT_PSEUDONYM: id = identification_create_from_data(data); - charon->sim->card_set_pseudonym(charon->sim, this->permanent, id); + this->mgr->card_set_pseudonym(this->mgr, this->permanent, id); id->destroy(id); break; default: @@ -346,7 +352,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, /* build response with AT_MAC, built over "EAP packet | n*SRES" */ message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_CHALLENGE, this->crypto); - *out = message->generate(message, sreses); + *out = eap_payload_create_data_own(message->generate(message, sreses)); message->destroy(message); return NEED_MORE; } @@ -443,13 +449,13 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, identification_t *reauth; reauth = identification_create_from_data(data); - charon->sim->card_set_reauth(charon->sim, this->permanent, reauth, - this->mk, this->counter); + this->mgr->card_set_reauth(this->mgr, this->permanent, reauth, + this->mk, this->counter); reauth->destroy(reauth); } } message->add_attribute(message, AT_COUNTER, counter); - *out = message->generate(message, nonce); + *out = eap_payload_create_data_own(message->generate(message, nonce)); message->destroy(message); return NEED_MORE; } @@ -500,7 +506,8 @@ static status_t process_notification(private_eap_sim_peer_t *this, { /* empty notification reply */ message = simaka_message_create(FALSE, this->identifier, EAP_SIM, SIM_NOTIFICATION, this->crypto); - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, + chunk_empty)); message->destroy(message); } else @@ -519,7 +526,7 @@ METHOD(eap_method_t, process, status_t, /* store received EAP message identifier */ this->identifier = in->get_identifier(in); - message = simaka_message_create_from_payload(in, this->crypto); + message = simaka_message_create_from_payload(in->get_data(in), this->crypto); if (!message) { *out = create_client_error(this, SIM_UNABLE_TO_PROCESS); @@ -633,7 +640,8 @@ eap_sim_peer_t *eap_sim_peer_create(identification_t *server, .destroy = _destroy, }, }, - .crypto = simaka_crypto_create(), + .crypto = simaka_crypto_create(EAP_SIM), + .mgr = lib->get(lib, "sim-manager"), ); if (!this->crypto) diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.h b/src/libcharon/plugins/eap_sim/eap_sim_peer.h index 89f81301e..ba72ce484 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_peer.h +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.h @@ -27,9 +27,6 @@ typedef struct eap_sim_peer_t eap_sim_peer_t; /** * EAP-SIM peer implementation. - * - * This EAP-SIM module uses sim_card_t implementations for triplet calculation, - * found via the eap_sim_manager_t. */ struct eap_sim_peer_t { diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c index b15292544..c148025bd 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c @@ -19,20 +19,41 @@ #include "eap_sim_peer.h" #include <daemon.h> +#include <simaka_manager.h> + +typedef struct private_eap_sim_plugin_t private_eap_sim_plugin_t; + +/** + * Private data of an eap_sim_plugin_t object. + */ +struct private_eap_sim_plugin_t { + + /** + * Public interface. + */ + eap_sim_plugin_t public; + + /** + * EAP-SIM backend manager + */ + simaka_manager_t *mgr; +}; METHOD(plugin_t, get_name, char*, - eap_sim_plugin_t *this) + private_eap_sim_plugin_t *this) { return "eap-sim"; } METHOD(plugin_t, destroy, void, - eap_sim_plugin_t *this) + private_eap_sim_plugin_t *this) { + lib->set(lib, "sim-manager", NULL); charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_sim_server_create); charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_sim_peer_create); + this->mgr->destroy(this->mgr); free(this); } @@ -41,21 +62,25 @@ METHOD(plugin_t, destroy, void, */ plugin_t *eap_sim_plugin_create() { - eap_sim_plugin_t *this; + private_eap_sim_plugin_t *this; INIT(this, - .plugin = { - .get_name = _get_name, - .reload = (void*)return_false, - .destroy = _destroy, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, }, + .mgr = simaka_manager_create(), ); charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER, (eap_constructor_t)eap_sim_server_create); charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_PEER, (eap_constructor_t)eap_sim_peer_create); + lib->set(lib, "sim-manager", this->mgr); - return &this->plugin; + return &this->public.plugin; } diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.h b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h index 4e10380c4..0c71ca548 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.h +++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h @@ -30,6 +30,11 @@ typedef struct eap_sim_plugin_t eap_sim_plugin_t; /** * EAP-SIM plugin. + * + * This plugin implements the protocol level of EAP-SIM and uses simaka_card_t + * and simaka_provider_t backends to provide triplets. It registers a + * simaka_manager_t on the library as "sim-manager", other plugins can use it + * to provide the required backends. */ struct eap_sim_plugin_t { diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index d1dfde5d6..a6704a7be 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c @@ -19,6 +19,7 @@ #include <simaka_message.h> #include <simaka_crypto.h> +#include <simaka_manager.h> /* number of triplets for one authentication */ #define TRIPLET_COUNT 3 @@ -39,6 +40,11 @@ struct private_eap_sim_server_t { eap_sim_server_t public; /** + * SIM backend manager + */ + simaka_manager_t *mgr; + + /** * permanent ID of peer */ identification_t *permanent; @@ -127,7 +133,7 @@ METHOD(eap_method_t, initiate, status_t, { message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty); } - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); this->pending = SIM_START; @@ -163,14 +169,14 @@ static status_t reauthenticate(private_eap_sim_server_t *this, SIM_REAUTHENTICATION, this->crypto); message->add_attribute(message, AT_COUNTER, this->counter); message->add_attribute(message, AT_NONCE_S, this->nonce); - next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk); + next = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk); if (next) { message->add_attribute(message, AT_NEXT_REAUTH_ID, next->get_encoding(next)); next->destroy(next); } - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); this->pending = SIM_REAUTHENTICATION; @@ -298,8 +304,8 @@ static status_t process_start(private_eap_sim_server_t *this, char mk[HASH_SIZE_SHA1]; u_int16_t counter; - permanent = charon->sim->provider_is_reauth(charon->sim, id, - mk, &counter); + permanent = this->mgr->provider_is_reauth(this->mgr, id, + mk, &counter); if (permanent) { this->permanent->destroy(this->permanent); @@ -315,7 +321,7 @@ static status_t process_start(private_eap_sim_server_t *this, } if (this->use_pseudonym) { - permanent = charon->sim->provider_is_pseudonym(charon->sim, id); + permanent = this->mgr->provider_is_pseudonym(this->mgr, id); if (permanent) { this->permanent->destroy(this->permanent); @@ -348,8 +354,8 @@ static status_t process_start(private_eap_sim_server_t *this, rands.len = kcs.len = sreses.len = 0; for (i = 0; i < TRIPLET_COUNT; i++) { - if (!charon->sim->provider_get_triplet(charon->sim, this->permanent, - rand.ptr, sres.ptr, kc.ptr)) + if (!this->mgr->provider_get_triplet(this->mgr, this->permanent, + rand.ptr, sres.ptr, kc.ptr)) { if (this->use_pseudonym) { @@ -386,7 +392,7 @@ static status_t process_start(private_eap_sim_server_t *this, message = simaka_message_create(TRUE, this->identifier++, EAP_SIM, SIM_CHALLENGE, this->crypto); message->add_attribute(message, AT_RAND, rands); - id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr); + id = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk.ptr); if (id) { message->add_attribute(message, AT_NEXT_REAUTH_ID, @@ -395,7 +401,7 @@ static status_t process_start(private_eap_sim_server_t *this, } else { - id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent); + id = this->mgr->provider_gen_pseudonym(this->mgr, this->permanent); if (id) { message->add_attribute(message, AT_NEXT_PSEUDONYM, @@ -403,7 +409,7 @@ static status_t process_start(private_eap_sim_server_t *this, id->destroy(id); } } - *out = message->generate(message, nonce); + *out = eap_payload_create_data_own(message->generate(message, nonce)); message->destroy(message); free(mk.ptr); @@ -483,7 +489,7 @@ METHOD(eap_method_t, process, status_t, simaka_message_t *message; status_t status; - message = simaka_message_create_from_payload(in, this->crypto); + message = simaka_message_create_from_payload(in->get_data(in), this->crypto); if (!message) { return FAILED; @@ -588,7 +594,8 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server, .destroy = _destroy, }, }, - .crypto = simaka_crypto_create(), + .crypto = simaka_crypto_create(EAP_SIM), + .mgr = lib->get(lib, "sim-manager"), ); if (!this->crypto) diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.h b/src/libcharon/plugins/eap_sim/eap_sim_server.h index 978e1e1e9..c0ed64ff2 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.h +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.h @@ -27,9 +27,6 @@ typedef struct eap_sim_server_t eap_sim_server_t; /** * EAP-SIM server implementation. - * - * This EAP-SIM module uses sim_provider_t implementations for triplet - * calculation, found via the eap_sim_manager_t. */ struct eap_sim_server_t { |